Back to skill
Skillv1.0.0
ClawScan security
Dropshipping Product Research · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 13, 2026, 10:06 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is a self-contained heuristic dropshipping evaluator (no network calls, no credentials requested) and its code and instructions match the stated purpose.
- Guidance
- This skill is a simple, local heuristic tool — it does not call external services or request credentials. Before relying on its recommendations: (1) treat outputs as heuristics only and validate with supplier quotes and ad tests, (2) be aware the scoring is keyword-based and may miss context or nuance (e.g., large prices, multi-word markets), and (3) review the included handler.py if you need stronger guarantees or to adapt scoring rules. If you plan to extend it (add real marketplaces, ad data, or automation), expect to need API keys and to reassess privacy and security implications.
Review Dimensions
- Purpose & Capability
- okThe name and description describe heuristic scoring for dropshipping product ideas; the included handler.py implements exactly that with keyword lists and simple scoring. No unexpected credentials, binaries, or services are required.
- Instruction Scope
- okSKILL.md limits the skill to heuristic scoring and explicitly states no marketplace scraping or real-time API access. The runtime code only parses the provided text, computes scores, and returns markdown; it does not read other files, environment variables, or send data externally.
- Install Mechanism
- okThere is no install specification (instruction-only behavior) and no downloads or package installs. Code files are included but they are local Python scripts executed by the agent; nothing is fetched from external URLs.
- Credentials
- okThe skill requires no environment variables, credentials, or config paths. The code does not reference any secrets or external tokens.
- Persistence & Privilege
- okalways is false (not force-included). disable-model-invocation is default (agent can invoke autonomously), which is expected. The skill does not modify other skills or system-wide settings.