Back to skill
Skillv1.1.2
ClawScan security
ASO — App Store Optimization Complete Guide · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 19, 2026, 2:57 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only ASO (App Store Optimization) guide with no code, no installs, and no requested credentials — its stated purpose matches the content and requirements.
- Guidance
- This skill is a static ASO guide (no code, no installs, no credentials), so installing it carries low intrinsic risk. Before using it: (1) treat external links as typical web links—verify any third-party tool or signup pages yourself; (2) never paste sensitive credentials or private app data into prompts when querying the guide; (3) if you plan to act on the recommendations (e.g., paying creators, using third-party ASO tools), review those services' privacy and billing practices; (4) if you want added safety, keep this skill user-invocable only (do not enable automatic invocation) so it cannot be called without your prompt.
Review Dimensions
- Purpose & Capability
- okThe skill is a written ASO playbook; all included files are documentation and references about ASO, UGC, and platform differences. There are no unexpected dependencies, credentials, or binaries requested that would be unrelated to an ASO guide.
- Instruction Scope
- okSKILL.md and references contain only guidance, checklists, tool recommendations, and examples. The instructions do not tell the agent to read local files, access environment variables, call external endpoints other than citing public tool websites, or transmit data.
- Install Mechanism
- okNo install spec and no code files are present; this is instruction-only so nothing will be written to disk or executed during install.
- Credentials
- okThe skill requires no environment variables, credentials, or config paths. Mentions of third-party tools are informational only and do not imply credential collection by the skill itself.
- Persistence & Privilege
- okalways is false and the skill does not request persistent system privileges or modify other skills. Normal autonomous invocation is allowed by platform default but the skill's content does not leverage any special privileges.