Skillv1.0.0

ClawScan security

Paywall Upgrade Designer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 3, 2026, 7:22 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's required inputs, runtime instructions, and declared metadata are consistent with a paywall/upgrade-screen redesign tool and do not request unrelated access or privileged resources.
Guidance: This skill appears coherent and limited to copy/strategy work, but consider these precautions before installing or using it: do not paste PII, customer emails, API keys, or other sensitive secrets into the prompts; confirm the provenance/author if you require vendor accountability (homepage and source are missing, and listed price differs between files); try it first with anonymized or dummy paywall content to review outputs; if you plan to let an autonomous agent call this skill, review your agent's policies so it doesn't send sensitive internal pricing or customer data without explicit approval.

Purpose & Capability: noteThe name, description, and instructions all focus on redesigning paywalls and upgrade screens; the inputs requested (current copy, product category, triggers, pricing, objections, social proof) are appropriate. Minor metadata inconsistency: SKILL.md lists a Price of $29 while listing-metadata.md shows $19, and source/homepage are unknown — these are provenance/marketing issues, not functional mismatches.
Instruction Scope: okSKILL.md instructs the agent to ask for and analyze user-provided paywall copy and product context and to produce assessments and rewrites. It does not instruct the agent to read files on disk, access environment variables, call external endpoints, or exfiltrate data beyond the user-provided content.
Install Mechanism: okNo install spec and no code files — instruction-only skill. This minimizes installation risk because nothing is downloaded or written to disk.
Credentials: okThe skill declares no required environment variables, credentials, or config paths. The runtime instructions only request user-supplied product and paywall text, which is proportional to the stated purpose.
Persistence & Privilege: okalways is false and the skill is user-invocable; it does not request permanent system presence or elevated privileges. disable-model-invocation is false (normal), so the agent could invoke the skill autonomously per platform defaults.