Back to skill
Skillv0.1.0
ClawScan security
Customer Onboarding · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 13, 2026, 8:52 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only onboarding playbook that is internally consistent with its stated purpose and requests no credentials, binaries, or installs.
- Guidance
- This skill is a static playbook and poses low technical risk because it asks for no credentials or installs. Before relying on it: (1) verify any suggested third‑party tool integrations in your product's security/privacy review before wiring real accounts, (2) treat the tactics as general advice—validate with your analytics and engineering team, and (3) if you want automation (sending emails, integrating Intercom, etc.), prefer skills or code that explicitly declare required credentials and install steps so you can review them.
Review Dimensions
- Purpose & Capability
- okName/description match the SKILL.md: it provides playbook-style guidance for designing onboarding flows. The content references common third-party tools (Intercom, Appcues, Userflow) which is expected for this domain and does not require those services be present.
- Instruction Scope
- okThe instructions are limited to product/UX tactics, templates, email sequences, and measurement recommendations. They do not direct the agent to read local files, access environment variables, call external endpoints beyond naming third-party vendor examples, or transmit user data.
- Install Mechanism
- okNo install spec and no code files are present (instruction-only), so nothing is written to disk or executed. This is the lowest-risk install profile.
- Credentials
- okThe skill requires no environment variables, credentials, or config paths. References to analytics or messaging tools are illustrative and not tied to secret/config requirements in the skill.
- Persistence & Privilege
- okalways is false and model invocation is not disabled (normal defaults). The skill does not request elevated persistence, nor does it instruct changing other skills or system settings.