Skill v0.1.0

ClawScan security

Geo Local Optimizer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 9, 2026, 6:27 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This is an internally coherent, instruction‑only local‑SEO workflow (with one small helper script) that does not request credentials, install software, or instruct the agent to access unrelated system resources.
Guidance
This skill appears safe and coherent: it's a workflow/template pack for local SEO with no secret access or installers. Before installing, you may want to: (1) verify the publisher/source if you need provenance (there's no homepage listed), (2) review the SKILL.md to ensure its suggested questions and templates match how you want to collect customer data (avoid pasting sensitive PII in public contexts), and (3) be aware that if you later integrate outputs with services like Google Maps, review those specific skills or connectors for API keys and permissions—they are outside this skill's scope.

Review Dimensions

Purpose & Capability
ok
The name/description (local GEO optimization for businesses) matches the files and instructions. Required resources are minimal and appropriate for a workflow/orchestrator: templates, a checklist script, and a SKILL.md that guides output structure. Nothing requested (no env vars, no binaries) is disproportionate to the stated purpose.
Instruction Scope
ok
SKILL.md contains stepwise guidance for collecting business/location info and producing local‑SEO plans. It does not instruct the agent to read unrelated files, exfiltrate data, call unknown endpoints, or access system credentials. It references coordinating with other GEO skills (which is a logical workflow tie‑in) but does not itself require or access those skills' credentials.
Install Mechanism
ok
No install spec — instruction‑only. The single Python helper file is lightweight, well‑commented, and intended as a reference; it has no network calls, no obfuscation, and is safe to read or adapt. No downloads or archive extraction are present.
Credentials
ok
The skill declares no required environment variables, no credentials, and no config paths. The content does not attempt to read environment variables or secrets. (Note: downstream integrations the user chooses later—e.g., Google Maps API usage—would require credentials, but those are not requested by this skill.)
Persistence & Privilege
ok
always is false; the skill is user-invocable and allows model invocation (platform default). It does not request permanent presence, nor does it modify other skills or system settings. There are no instructions that write persistent agent configuration or self-enable beyond normal usage.