Back to skill
Skillv1.0.0
ClawScan security
Proposal Generator Pro · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 23, 2026, 3:46 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only proposal/template generator and its requirements and instructions align with that purpose; it does not request credentials, install software, or perform unexpected actions.
- Guidance
- This skill appears coherent and low-risk from a technical standpoint because it is instruction-only and requests no credentials or installs. Before using it: (1) do not paste confidential client data or sensitive attachments into prompts unless you are comfortable sharing them with the agent; (2) review generated case studies, pricing, timelines and legal terms for accuracy and client confidentiality—don’t send outputs to clients without editing; (3) ensure pricing/tax/legal language matches your jurisdiction and contracts; (4) if you want extra safety, invoke the skill manually rather than allowing any automated/autonomous runs. If the package later includes code, install steps, or requests credentials, re-evaluate immediately (that would change the risk assessment).
Review Dimensions
- Purpose & Capability
- okName, description, and SKILL.md all describe generating proposals and templates; there are no unrelated environment variables, binaries, or install steps requested. The requested inputs (client brief, call notes, service/pricing info) match the stated purpose.
- Instruction Scope
- noteThe SKILL.md instructs the agent to transform pasted client briefs or notes into proposals and to include case studies/terms. It does not direct the agent to read system files, environment variables, or external endpoints. Caution: the user is expected to paste potentially sensitive client data into prompts — the skill does not itself limit or redact that data.
- Install Mechanism
- okNo install spec and no code files are present (instruction-only). This is the lowest-risk install model; nothing is downloaded or written to disk by the skill itself.
- Credentials
- okThe skill declares no environment variables, credentials, or config paths. That is proportionate for a text-prompt/template generator.
- Persistence & Privilege
- okalways is false and default autonomy settings apply. The skill does not request permanent presence or elevated privileges and does not modify other skills or system settings.