Back to skill
Skillv1.0.0
ClawScan security
Promotion Enrollment Assistant · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 13, 2026, 3:09 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is internally consistent with its stated purpose: a heuristic, read-only enrollment planner that does not request credentials or perform network calls.
- Guidance
- This skill appears to be a heuristic, read-only assistant that generates enrollment checklists and timelines without contacting seller portals. Before installing, quickly confirm the handler exposes the expected entrypoint (tests reference handle()) and manually review the full handler.py for any network or subprocess calls not visible in the excerpt. Understand that outputs are heuristic: double-check eligibility and final submission requirements with the platform's official seller center before acting, and never provide platform credentials to this skill since it is not designed to perform authenticated enrollment.
Review Dimensions
- Purpose & Capability
- okThe name and description describe heuristic enrollment planning across ecommerce platforms; the code contains platform/promotion rule tables and renders a markdown brief. No unrelated credentials, binaries, or platform integrations are requested.
- Instruction Scope
- noteSKILL.md explicitly prohibits live portal/API access and the included code implements local, heuristic text analysis and rendering. One minor inconsistency to verify in the full repository: the provided tests import a handle() entrypoint — ensure the handler exposes the expected public entry function and that it does not perform network I/O at runtime.
- Install Mechanism
- okThere is no install spec (instruction-only style). Code files are included but no download/install step is defined, so nothing is written to disk by an installer.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths and the code does not reference external secrets. Requested access is proportional to the stated functionality.
- Persistence & Privilege
- okThe skill does not request persistent or elevated privileges (always:false). It does not declare modifications to other skills or system-wide settings.