Skill v1.0.0

ClawScan security

SAAS Orchestrator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 16, 2026, 1:38 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini

Summary
The skill's files and runtime instructions are coherent with its stated purpose (orchestrating SAAS subagents and tracking projects); it does not request unrelated credentials, installers, or hidden network endpoints, but it is somewhat high-level about how subagents are spawned, and it writes simple task/status files to disk.
Guidance
This skill appears to do what it says: orchestrate SAAS subagents and track project/revenue status. Before installing or running it, consider the following:
(1) Review the included Python scripts yourself. They only write local task/status text files and print reports, but verify there are no network calls you don't expect.
(2) Do not provide API keys (Stripe, Google, etc.) unless you intentionally connect those services. The skill's docs mention them, but they are not required by the skill itself.
(3) Run the scripts in a sandbox or isolated environment if you plan to let an agent execute them autonomously, and limit the agent's ability to access sensitive files or credentials.
(4) Note that the skill has no homepage or source attribution. If provenance matters to you, request or inspect the upstream source before use.
If you want a stricter posture, disable autonomous invocation or run the skill in read-only mode first to observe its behavior.

Review Dimensions

Purpose & Capability
Status: ok
Name/description (SAAS factory orchestration) matches the included assets: spawn scripts, factory-status, references, and templates. No unrelated environment variables, binaries, or install steps are requested. The included scripts implement status reporting and create build/research task files, which is reasonable for the described orchestrator role.
Instruction Scope
Status: note
SKILL.md instructs the agent to "spawn" and coordinate subagents and to integrate with services (Stripe, analytics, Product Hunt, etc.) as part of workflows. The instructions themselves do not contain commands that read arbitrary system files or exfiltrate data, but they are high-level and leave the mechanism for spawning/coordination unspecified. This gives an agent broad discretion at runtime, which could lead to network calls or credential requests depending on how the agent implements "spawning".
Install Mechanism
Status: ok
No install spec or external downloads are present. This is an instruction+script bundle; nothing in the manifest pulls remote archives or runs installers. The code files are shipped with the skill and will only be executed if the agent/user runs them.
Credentials
Status: ok
The skill declares no required environment variables or credentials. Some guidance text mentions integrating third-party services (Stripe, Google Analytics, etc.), which would require credentials if actually enacted, but those are optional integrations in the documentation rather than requirements of the skill itself.
Persistence & Privilege
Status: note
The "always" flag is false (normal). The skill's scripts write task and status report files to the working directory (e.g., build_task_*.txt, factory_status_*.txt). Writing local files is expected for this use case, but you should be aware of this persistence when running the skill in a shared environment. Autonomous invocation is allowed by default ("disable-model-invocation" is false), which is normal for skills but increases the impact if the agent is later given network/credential access.