Back to skill
Skillv0.1.0
ClawScan security
Geo Bulk Processor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 9, 2026, 6:42 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requirements, instructions, and included helper code are coherent with a bulk GEO/orchestration purpose and do not request unrelated credentials, installs, or privileged system access.
- Guidance
- This skill appears coherent and safe as a planning/orchestration tool: it expects bulk inputs (sitemaps, CSV/JSON exports) and produces pipeline specs and templates. Before installing, consider: (1) where the agent will get the site exports — avoid giving sensitive credentials or live CMS admin access unless necessary; (2) the skill references other geo-* skills (e.g., geo-schema-gen, geo-content-optimizer) which may themselves require credentials or network access — review those separately; (3) if you plan to let the agent process large datasets automatically, ensure sampling and QA policies are in place to avoid accidental mass changes; and (4) the included Python file is a harmless reference model and does not perform network I/O. If you want extra assurance, request the skill author/publisher information or inspect any geo-* skills that will be composed with this one.
Review Dimensions
- Purpose & Capability
- okName and description match the actions in SKILL.md and the included reference files: designing pipelines, clustering content, and producing export specs for large-site GEO work. The requested inputs (sitemaps, CSV/JSON exports, content folders) are exactly what such a skill would reasonably need; there are no unexpected binaries, credentials, or config paths.
- Instruction Scope
- okSKILL.md stays within orchestration/planning scope: ingest inventory artifacts, design pipelines, produce CSV/JSON specs, and recommend QA/rollout. It explicitly treats scripts/geo_bulk_pipeline.py as a conceptual reference and does not require executing system commands or reading unrelated system files. It does recommend calling other geo-* skills, which is consistent with its orchestration role.
- Install Mechanism
- okInstruction-only skill with a small, static helper Python file. There is no install spec, no downloads, and nothing that writes or executes arbitrary code on disk during install.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. The SKILL.md does not attempt to read hidden env vars or system configs. The external-skill names referenced are logical integrations for the domain but are not included and may require their own credentials.
- Persistence & Privilege
- okalways is false (default). The skill does not request permanent presence or elevated privileges and does not modify other skills' configurations. Autonomous invocation is allowed by platform default but is not combined with any additional risky privileges here.