Skill v2.1.1

ClawScan security

Validate · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 21, 2026, 10:08 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
Instruction-only skill that is internally consistent with its stated purpose: it analyzes startup ideas using bundled frameworks, local markdown search, and web search and does not request credentials or install code.
Guidance
This skill appears coherent and reasonably low-risk, but review these practical considerations before installing or running:

- It will read local markdown/docs (manifest, research.md, etc.) and may write generated PRDs to the project. Run it in a workspace that doesn't contain sensitive or private documents you don't want scanned or modified.
- The skill performs web searches and (if available) will use MCP KB/project/web search tools; it does not send data to unknown external endpoints beyond normal web search. Still review any output before sharing externally.
- Because Read/Grep/Bash/Write/Edit are allowed, the agent could modify files. Back up important repo content or run in an isolated copy if you want to prevent accidental changes.
- No credentials or installs are requested, so there's no secret-exfiltration signal in the manifest. If you later add MCP tools that provide access to additional data sources, consider whether those tools should be restricted.

If you want extra caution: try the skill on a small, non-sensitive idea first and inspect generated files and logs to confirm behavior matches expectations.

Review Dimensions

Purpose & Capability
ok: The name/description (idea validation, PRD generation, STREAM/S.E.E.D./Manifest checks) aligns with the skill's requests and capabilities: it uses local .md searches, bundled reference documents, web searches, and optional MCP KB/project/web search tools. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
note: SKILL.md confines searches to markdown/docs and uses web searches and bundled references for analysis, which is appropriate. Caveat: allowed-tools include Read/Grep/Bash/Write/Edit, and the instructions do ask the agent to read and potentially write project files (search .md, look for research.md, generate PRD). This is coherent for a validation/PRD skill but means it will access and may modify repository docs; confirm you want that behavior in the current workspace before running.
Install Mechanism
ok: No install spec and no code files; the skill is instruction-only. This minimizes disk persistence and arbitrary code execution risk.
Credentials
ok: No environment variables, credentials, or config paths are requested. The skill's use of MCP-specific tools is optional and appropriate; nothing asks for unrelated secrets or cloud credentials.
Persistence & Privilege
ok: always is false and the skill is user-invocable. It may write PRD files (Write/Edit are allowed) but does not request system-wide or other skills' configuration changes. Autonomous invocation is allowed by platform default, but the skill is not granted elevated 'always' presence.