Back to skill
Skillv1.0.0
ClawScan security
Affiliate Marketing · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 6, 2026, 12:24 PM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This instruction-only affiliate marketing skill is internally consistent with its stated purpose and requests no unusual permissions, binaries, or credentials.
- Guidance
- This skill is a guidance/playbook for running affiliate programs and appears coherent and low-risk. Before enabling: 1) Confirm you are comfortable with optional local files (~/affiliate-marketing/) and only allow creation if you want persistent program state. 2) Avoid storing sensitive credentials, PII, or financial secrets in the skill's memory files — the docs advise keeping only high-signal program decisions. 3) Be aware the skill may register an activation preference in agent memory so it appears when relevant; you can revoke or delete that memory later if desired. 4) Because this is instruction-only, no code will run or be installed, but review any local files the skill creates and periodically delete them if you no longer want persistence.
Review Dimensions
- Purpose & Capability
- okName and description match the included content (program design, partner ops, tracking QA, fraud controls, reporting). The skill requires no binaries, env vars, or installs — appropriate for a guidance/operating-playbook skill.
- Instruction Scope
- noteRuntime instructions are limited to advisory workflows and optional local persistence in ~/affiliate-marketing/ with explicit user consent. The SKILL.md also suggests saving an activation preference in the agent's main memory; this is reasonable for convenience but is a form of persistent state the user should be aware of.
- Install Mechanism
- okNo install spec and no code files — lowest-risk model (instruction-only). Nothing is downloaded or written unless the user consents to create an optional local folder.
- Credentials
- okNo environment variables, credentials, or config paths are required. The only configPaths metadata references an optional user workspace under ~/affiliate-marketing/ which the documentation frames as opt-in and limited to program context, partners, and incidents.
- Persistence & Privilege
- noteThe skill is not marked 'always' and allows autonomous invocation (the platform default). It may store optional local files and suggested activation preference in the agent's main memory; these are normal but constitute persistent state the user should approve and can later remove.