Skills Orchestrator
PassAudited by ClawScan on May 1, 2026.
Overview
This skill appears to be a local growth-planning/template generator with no evidence of credential use, network exfiltration, or hidden destructive behavior, though users should review its public-sharing recommendations before implementing them.
This skill looks safe to install for generating local growth-loop templates and simulated metrics. Before running scripts, confirm the output path is safe. Before implementing any generated growth plan, especially public-by-default publishing, SEO indexing, referrals, or leaderboards, add explicit consent, privacy safeguards, and opt-in controls.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the scripts may create or replace local Markdown or JSON output files.
The script writes generated content to a caller-influenced file path. This is expected for a report/template generator, but the redirection can create or overwrite local files at the selected path.
--output) OUTPUT_FILE="$2" ... DESIGN_FILE="${OUTPUT_FILE:-$DATA_DIR/LOOP-DESIGN-${SKILL_NAME}-$(date +%Y%m%d).md}" ... cat > "$DESIGN_FILE" << EOFRun the scripts only when you intend to generate files, use simple skill names and safe output paths, and avoid passing untrusted path values.
If a user follows the generated plan without review, skill outputs or user-generated content could become public or search-indexed by default.
The content-loop template recommends public-by-default publishing and indexing. It is only a generated design recommendation, not an automatic publication action, but it could affect user privacy if implemented blindly.
- **Default**: Public (opt-out) ... - [ ] Make outputs public by default
Treat public sharing, SEO indexing, referrals, and leaderboards as design ideas that require explicit user consent, privacy review, and opt-in defaults before implementation.