Back to skill
Skillv1.0.0
ClawScan security
One-shot perfect landing page · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 10, 2026, 11:17 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requirements, instructions, and included files are coherent with its stated purpose (frontend copy + UI transformation for a landing page) and do not request unrelated credentials or risky install steps.
- Guidance
- This skill appears to be what it says: a frontend/copy transformation toolkit. Before installing or letting the agent run: (1) confirm you want the agent to read and modify your project files and back up or use version control so you can review diffs; (2) audit any npm install commands (e.g., framer-motion) in a safe/dev environment; (3) verify brand color tokens and font imports before merging to production; and (4) never provide secrets or unrelated credentials—this skill does not require them. If you want extra caution, run the changes in a branch and review the pull request produced by the agent.
Review Dimensions
- Purpose & Capability
- okName/description (copy + visual + mobile improvements) match the provided assets: Tailwind additions, CSS design tokens, and React/TSX components for cursor glow, marquee, scroll effects, and terminal steps. No unexplained binaries, credentials, or unrelated dependencies are requested.
- Instruction Scope
- noteSKILL.md and README instruct the agent to rewrite copy and edit project files (allowed-tools includes Read/Write/Edit/Glob/Grep). That file access is expected for a code-editing landing-page skill, but it means the agent will need permission to read and modify the user's repository files—review diffs and backups are recommended.
- Install Mechanism
- okNo install spec included in the registry metadata (instruction-only). README suggests normal frontend steps (npm install framer-motion) and an npx skills add command; these are standard and proportional to the task. There are no downloads from suspicious URLs or archive extraction steps.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths. The required frameworks (Next.js, Tailwind, framer-motion) align with the code included. No secret-exfiltration indicators present.
- Persistence & Privilege
- okalways is false and the skill is user-invocable; it does not request elevated or persistent platform privileges. It will modify only project files as needed for the landing page, which is within scope.