v1.0.0

Cold Stone

Review

ClawScan verdict for this skill. Analyzed Apr 30, 2026, 9:07 PM.

Analysis

The skill content is only an informational profile of Cold Stone, but its capability signals include purchase and crypto-related authority that is not explained or bounded.

Guidance: Before installing, confirm whether the crypto and purchase capability signals are real permissions. For a Cold Stone informational profile, those capabilities should normally be removed or tightly limited with explicit user approval.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: Medium | Status: Concern
metadata
Capability signals
- crypto
- can-make-purchases

A purchase-related capability is high-impact and is not bounded by instructions for explicit user approval, purchase limits, account scope, or reversibility; crypto is also not explained for this ice-cream-chain research skill.

User impact: If these capabilities are actually granted, the agent could have authority beyond a simple informational skill.
Recommendation: Remove the purchase and crypto capabilities unless they are truly required, and add explicit user-approval and scope limits for any high-impact action.

Human-Agent Trust Exploitation
Severity: Low | Confidence: Medium | Status: Concern
metadata
Description: US ice cream chain Cold Stone offers a live mix-in experience ... Capability signals
- crypto
- can-make-purchases

The user-facing description presents a simple informational brand profile, but the capability signals include unrelated high-impact areas that are not disclosed in the description.

User impact: A user may install the skill believing it is only for business research while overlooking broader capability signals.
Recommendation: Align the description and capability declarations, or remove unrelated capabilities so users can make an informed trust decision.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: Medium | Status: Concern
metadata
Primary credential: none ... Capability signals
- crypto
- can-make-purchases

The artifacts signal purchase capability but do not define the account, payment, credential, or delegated-authority boundary that would constrain such actions.

User impact: Users may not know what account or payment authority, if any, could be used for purchase-related actions.
Recommendation: Declare any needed account/payment authority clearly, or remove the purchase capability from this skill.