Skillv0.1.0

ClawScan security

Customer Feedback · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignFeb 13, 2026, 8:51 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This is an instruction-only playbook for collecting and analyzing customer feedback; its requirements and instructions are consistent with its stated purpose and it does not request unusual privileges or credentials.
Guidance: This skill is a written playbook and appears coherent with its stated purpose — low technical risk. Before using it operationally: (1) ensure you obtain explicit consent before recording or storing interviews and follow applicable privacy laws (GDPR, CCPA); (2) vet and configure any third-party tools you use (Canny, Typeform, Zoom, Calendly, Otter.ai) and avoid embedding API keys or customer PII in public documents; (3) enforce minimal data retention and access controls for spreadsheets/Notion where feedback is stored and anonymize sensitive feedback when possible; (4) if you allow an agent to act autonomously with this skill, restrict its ability to send outreach (surveys, emails) without human review to avoid accidental contact or data leaks. Overall the skill is coherent and low-risk, but operational privacy and third-party tool configuration are the main items to check before use.

Purpose & Capability: okThe name/description (customer feedback collection and analysis) matches the SKILL.md content. Recommended tools (Canny, Typeform, Calendly, Zoom, Otter.ai, Notion, spreadsheets) are appropriate for this purpose and no unrelated resources are requested.
Instruction Scope: noteThe instructions are procedural and stay within feedback collection/analysis (interview scripts, NPS guidance, organizing feedback). They recommend using third-party services and recording interviews with permission — this is expected but raises data-privacy considerations (consent, storage, PII handling) which the user should address before operational use.
Install Mechanism: okNo install spec and no code files (instruction-only). Nothing will be written to disk or installed by the skill itself.
Credentials: okThe skill declares no required environment variables, credentials, or config paths. It does not request access to unrelated services or secrets.
Persistence & Privilege: okalways is false and the skill is user-invocable; it does not request persistent or elevated platform privileges beyond normal agent invocation.