Back to skill
Skillv1.0.0
ClawScan security
Product Strategy · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 15, 2026, 9:58 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only product strategy analyst that only uses its bundled reference files and makes no requests for credentials, installs, or external access — its declared behavior is coherent with its stated purpose.
- Guidance
- This skill appears internally consistent and low-risk: it is instruction-only, uses only the bundled reference documents, and requests no credentials or installs. Before you rely on its output, provide clear, specific decision context (what decision the analysis should inform) and any real metrics you want used; the SKILL.md emphasizes clarity and 'so what?'—use that. Also validate any TAM/SOM numbers or pricing recommendations against primary sources (SEC filings, industry reports) before taking action because the skill is opinionated and the model can still hallucinate facts or misstate source quality. Finally, note that the skill can be invoked autonomously by the agent (normal platform behavior); if you prefer manual control, restrict agent permissions in your environment rather than rely on this skill to do so.
Review Dimensions
- Purpose & Capability
- okThe name/description (product strategy, TAM/SAM/SOM, pricing, launch readiness, positioning) match the skill's contents: command list and six reference documents. The skill requests no binaries, env vars, or config paths — nothing appears extraneous or unrelated to product strategy work.
- Instruction Scope
- okSKILL.md contains deterministic runtime instructions and a short command set (/analyze, /market-size, /pricing, /launch-check, /position). It instructs the agent to load only the included references/ files mapped to each command. There are no instructions to read system files, environment variables, network endpoints, or other unrelated resources.
- Install Mechanism
- okNo install spec and no code files — the skill is instruction-only. This minimizes disk writes and execution of third-party code; the manifest is consistent with an offline knowledge-base helper.
- Credentials
- okThe skill declares no required env vars, no primary credential, and no config paths. That is proportionate for a product strategy advisor that uses local reference docs.
- Persistence & Privilege
- okFlags show always:false (not force-included) and normal model invocation allowed. The skill does not request persistent system privileges or modify other skills. Autonomous invocation is enabled but is the platform default.