Back to skill
Skillv0.1.1
ClawScan security
Scaling Strategy · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 2, 2026, 5:51 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only, playbook-style skill whose declared purpose (scaling a solopreneur business) matches its content and it requests no credentials or installs — nothing appears disproportionate or incoherent.
- Guidance
- This skill is an instruction-only playbook and appears coherent with its stated purpose — low-risk to install from a system-access perspective because it requests no credentials or installs nothing. Before enabling: skim the full SKILL.md to confirm the advice matches what you want; note it references another skill ('automation-workflows') which, if invoked, could introduce additional requirements (API keys, binaries) — review any referenced skills before allowing autonomous invocation. If you plan to let the agent call skills autonomously, ensure your agent-level governance/policy is configured (rate limits, allowed skills) so a chain of skills doesn't unexpectedly request access to other services.
Review Dimensions
- Purpose & Capability
- okName and description match the SKILL.md content: the document is a business playbook about deciding when to scale, identifying bottlenecks, automating, delegating, and creating SOPs. There are no unexpected requirements (no env vars, binaries, or installs) that would conflict with the described purpose.
- Instruction Scope
- okInstructions are narrowly scoped to business strategy and operational steps. They do not instruct the agent to read files, access system credentials, call external endpoints, or gather unrelated system context. The only external reference is a mention of an 'automation-workflows' skill for details — a cross-reference, not an instruction to exfiltrate data.
- Install Mechanism
- okNo install spec and no code files — nothing will be written to disk or downloaded. This is the lowest-risk form (instruction-only).
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. There are no requests for secrets or unrelated service keys, which is proportionate for a strategy/playbook skill.
- Persistence & Privilege
- okalways is false and there are no install steps that persist or modify other skills/config. Autonomous invocation is allowed by default on the platform but that is expected and not uniquely risky here because the skill has no privileged capabilities.