Back to skill
Skillv0.1.0
ClawScan security
Conference Poster Pitch · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 13, 2026, 9:24 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is internally consistent: a small, local CLI Python script that generates short poster pitches and does not request credentials, network access, or unusual system privileges.
- Guidance
- This skill appears benign and does what it says: a simple local script that prints 30s/60s/180s poster pitches. Before installing or running it: 1) review the small scripts/main.py (already included) to confirm it matches your expectations (it does); 2) if you plan to modify it to save outputs to files, be mindful of where you write them; 3) run it in your usual safe environment (no network or credentials are required); and 4) be cautious only if future updates introduce downloads, network calls, or requests for environment credentials — those would change the risk profile.
Review Dimensions
- Purpose & Capability
- okThe name, description, SKILL.md usage examples, and the included Python script all align: the tool takes a poster title and duration and prints a prepared pitch. There are no unexpected environment variables, binaries, or external integrations requested.
- Instruction Scope
- noteThe SKILL.md includes a generic risk checklist that mentions reading/writing files and validating input paths, but the provided script does not read or write files — it only prints to stdout. This is a minor documentation mismatch rather than active scope creep; runtime instructions otherwise stay within the stated purpose (run the script with title and duration).
- Install Mechanism
- okNo install specification or external downloads are present. The skill is instruction-only plus a single small script bundled in the package, which keeps installation risk low.
- Credentials
- okNo environment variables, credentials, or config paths are required. The script does not access the environment or sensitive files, so requested privileges are proportionate.
- Persistence & Privilege
- okThe skill does not request persistent/always-on status, does not alter other skills or system configuration, and does not store credentials. No elevated persistence is requested.