Back to skill
Skillv1.0.0
ClawScan security
product-description-writer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 16, 2026, 11:12 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only product description writer whose stated purpose matches its runtime instructions and it requests no credentials, binaries, or installs.
- Guidance
- This skill appears coherent and low-risk: it only provides writing instructions and asks users to submit product details. Before using, consider privacy and accuracy: do not paste sensitive business secrets, private customer data, or credentials into the prompts; review generated descriptions for factual accuracy and compliance with marketplace policies (Amazon/Etsy/Shopify rules, trademark claims, etc.); remember the skill's source/homepage is unknown, so if you need legal or brand-sensitive wording, vet outputs with a trusted human. Otherwise there are no unusual install steps or requested credentials to be concerned about.
Review Dimensions
- Purpose & Capability
- okThe name and description (write product descriptions for e-commerce platforms) match the SKILL.md instructions. There are no unrelated requirements (no cloud creds, no binaries) that would be disproportionate to the skill's stated purpose.
- Instruction Scope
- okSKILL.md is purely authoring guidance: it asks the user to provide product details and describes the outputs (headline, benefits, bullets, etc.). It does not instruct the agent to read system files, access environment variables, call external endpoints, or collect unrelated data.
- Install Mechanism
- okThere is no install spec and no code files; this is instruction-only, which minimizes on-disk or network install risk.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. That is proportionate for a text-generation authoring skill.
- Persistence & Privilege
- okalways is false (default) and autonomous invocation is allowed (platform default). There is no request to modify other skills or system configuration. This is a normal privilege profile for an instruction-only skill.