Back to skill
Skillv0.1.0
ClawScan security
Business Model Canvas · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 11, 2026, 9:07 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This skill is an instruction-only Business Model Canvas playbook for solopreneurs; its requested footprint (no code, no installs, no credentials) matches its stated purpose.
- Guidance
- This appears to be a straightforward, instruction-only Business Model Canvas facilitator and does not request credentials or install code. Before installing, review the full SKILL.md yourself to confirm it does not later instruct the agent to collect or transmit sensitive business data (e.g., financial spreadsheets, customer lists) to external services. Avoid pasting secrets or confidential documents into the chat; if you plan to share sample customer or financial data, sanitize or anonymize it first. If you want extra caution, run the skill only when explicitly invoked and avoid enabling always:true or broad autonomous invocation for unfamiliar third‑party skills. If additional SKILL.md sections (not provided here) instruct reading files, accessing environment variables, or calling external URLs, re-evaluate — those would change the assessment.
Review Dimensions
- Purpose & Capability
- okName and description describe a BMC facilitation playbook and the skill declares no binaries, installs, environment variables, or credentials — all of which are appropriate and proportionate for this purpose.
- Instruction Scope
- okThe SKILL.md contains step-by-step guidance for filling BMC blocks and associated validation; it does not instruct the agent to read system files, access environment variables, or transmit data to external endpoints. (Assessment is based on provided SKILL.md content — no instructions that would exceed the business-model task were observed.)
- Install Mechanism
- okNo install spec or code files are present (instruction-only). This is the lowest-risk install posture and is consistent with the skill's stated purpose.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. That is proportional for a consultative BMC playbook.
- Persistence & Privilege
- okalways is false and the skill is user-invocable (normal defaults). The skill does not request persistent system privileges or modify other skills' configs.