Skill v1.0.0

ClawScan security

Cb Referral Loyalty Program Designer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 25, 2026, 6:24 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
This is an instruction-only, descriptive skill whose requirements and runtime instructions align with its stated purpose (designing international referral and loyalty programs) and it requests no credentials, binaries, or installs.
Guidance
This skill appears to be a safe, descriptive planning tool. Before use: avoid pasting sensitive customer data or credentials into prompts; treat its legal/compliance suggestions as non-binding and get local legal counsel for sweepstakes, privacy, or payment rules; validate fraud and operational recommendations with engineers before implementing; and remember the skill does not itself take any external actions — any rollout must be executed by your team or systems.

Review Dimensions

Purpose & Capability
ok: Name, description, and metadata describe a design framework and the skill's declared inputs and outputs match that purpose. There are no unrelated env vars, binaries, or platform integrations requested.
Instruction Scope
ok: SKILL.md contains purely descriptive instructions (questions to ask, frameworks to produce) and explicitly states it does not execute code, call APIs, access the network, or perform external actions. It asks the agent to collect market and business context from the user but does not instruct reading system files or other sensitive sources.
Install Mechanism
ok: No install spec or code files are present (instruction-only). Nothing will be downloaded or written to disk as part of installation.
Credentials
ok: No environment variables, credentials, or config paths are requested. The inputs to collect are user-provided market/business context (appropriate for the skill).
Persistence & Privilege
ok: The skill is not marked always:true and requests no persistent system presence or modification of other skills. Autonomous invocation is allowed (platform default) but not unusual or excessive here.