Skillv1.0.0

ClawScan security

A/B Test Architect · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 3, 2026, 7:22 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: Instruction-only A/B test planning skill whose declared purpose, runtime instructions, and resource requirements are internally consistent and do not request installs or credentials.
Guidance: This skill is an instruction-only planning tool and appears coherent with its purpose. Before installing or invoking it, avoid pasting sensitive credentials or raw analytics exports (API keys, full GA account configs, or full transaction logs). It's fine to provide summary numbers (current conversion rate, average daily sessions, rough revenue) so the skill can compute sample size and duration. Review any generated dev handoff and QA notes before implementing the test, and treat the outputs as recommendations to be validated by your engineering/analytics team. If you need guarantees about data handling or provenance (author identity, support, updates), note the listing lacks a homepage/source and consider that when deciding whether to rely on it for production workflows.

Review Dimensions

Purpose & Capability: okThe name and description (A/B test planning using the Test Velocity Method) match the SKILL.md content: it guides users through prioritization, hypothesis writing, sample-size math, segmentation, and dev handoffs. There are no unrelated requirements (no env vars, binaries, or installs) that would contradict the stated purpose.
Instruction Scope: noteThe runtime instructions are confined to asking the user for context (baseline conversion rates, traffic, tool used, test ideas) and producing structured test plans. The skill does not instruct the agent to read local files, environment variables, or contact external endpoints. One user-facing consideration: the skill asks for analytics/traffic numbers and business metrics — these can be sensitive (revenue, conversion rates, internal traffic), so the user should avoid pasting credentials or raw logs.
Install Mechanism: okThere is no install spec and no code files; this is an instruction-only skill. That minimizes persistence and disk-write risk.
Credentials: okThe skill does not request any environment variables, API keys, or config paths. All requested inputs are user-provided contextual data (metrics, traffic, tool name), which is proportionate to planning and sample-size estimation.
Persistence & Privilege: okalways is false (default). The skill does not request elevated persistence or to modify other skills' configs. Note: the platform default allows autonomous invocation; this skill's behavior does not otherwise increase privilege.