Skill v1.0.0

ClawScan security

PRD Review · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 12, 2026, 8:58 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is an instruction-only PRD review template that aligns with its stated purpose and does not request extra credentials, installs, or system access.
Guidance
This skill is an instruction-only PRD review template and appears internally consistent. Before using: (1) avoid pasting secrets, private keys, or confidential credentials into documents you ask the skill to review; (2) if you don't want autonomous runs, confirm your platform's agent invocation controls (the skill itself doesn't request extra privileges); (3) treat its recommendations as advisory — validate technical feasibility and compliance with your org's policies.

Review Dimensions

Purpose & Capability
ok: Name, description, and runtime instructions all describe a document review / analysis workflow. There are no unrelated required binaries, environment variables, or config paths.
Instruction Scope
ok: SKILL.md confines the agent to analyzing user-supplied requirement documents and producing structured output (scores, risks, suggestions, decision list). It does not instruct reading system files, accessing credentials, or transmitting data to third-party endpoints. It accepts Feishu links or Markdown text but provides no steps that would fetch credentials or access external services automatically.
Install Mechanism
ok: No install specification or code files — instruction-only skill. No downloads, archive extraction, or third-party package installs are present.
Credentials
ok: No required environment variables, credentials, or config paths are declared or referenced in the instructions. The skill's needs are minimal and proportional to analyzing provided documents.
Persistence & Privilege
ok: always:false (default) and no special persistence or cross-skill configuration is requested. The skill can be invoked autonomously per platform defaults, which is expected for skills of this type.