Back to skill
Skillv1.7.7
ClawScan security
Gingiris B2b Growth · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 27, 2026, 5:34 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only B2B growth playbook that requests no credentials, no installs, and its content/links align with the stated purpose.
- Guidance
- This skill is internally consistent and low-risk because it's purely a content/playbook with no installs or credential requests. Before using it: (1) validate external links (github/website) and authorship if provenance matters; (2) treat any included legal/contract templates as drafts — have a lawyer review before use; (3) avoid pasting sensitive customer data into prompts when generating templates; and (4) if you plan to let agents invoke skills autonomously, remember it could generate or share content from the playbook without manual review (no extra access is requested here, but review outputs for confidentiality).
Review Dimensions
- Purpose & Capability
- okName, description, and SKILL.md all describe a B2B SaaS growth playbook (PLG/SLG, sales decks, partner programs). There are no unrelated requirements (no env vars, no binaries, no installs) that would be inappropriate for this purpose.
- Instruction Scope
- okSKILL.md is a content/guide file with links to GitHub and the Gingiris website and includes playbook text and templates references. It does not instruct the agent to read local files, access credentials, run shell commands, or transmit data to unexpected endpoints.
- Install Mechanism
- okNo install spec and no code files are present. As an instruction-only skill, it does not pull binaries or remote archives — this is the lowest-risk install posture.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. There is no disproportionate credential access requested relative to its stated function.
- Persistence & Privilege
- okalways is false and disable-model-invocation is false (default). The skill can be invoked normally by the agent but does not request elevated or persistent system-wide privileges.