Skill v1.0.0

ClawScan security

build-landing-page-from-description · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 22, 2026, 5:12 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This instruction-only skill's requirements and runtime instructions are coherent with its stated purpose and do not request excessive privileges or unrelated credentials.
Guidance
This skill is instruction-only and internally consistent for building landing pages. Before using it, avoid pasting secrets or proprietary credentials into prompts (the skill will call platform chat/image/UI generation APIs). Review generated copy, images, and responsive code for IP, privacy, and accuracy before publishing. If you need stricter limits on autonomous actions, be aware the skill can be invoked by the agent (normal behavior) — limit what you provide in prompts and monitor outputs.

Review Dimensions

Purpose & Capability
ok: Name and description (generate landing pages from a text brief) align with the SKILL.md workflow and the declared APIs (chat, ui_generation, image_generation). No unrelated binaries, environment variables, or config paths are requested.
Instruction Scope
note: SKILL.md stays within the expected scope: clarifying brief, producing drafts, generating assets, and refining output. It uses generic platform capabilities (chat, UI generation, image generation). The instruction 'Use the relevant SkillBoss capabilities to generate supporting assets' is somewhat vague and grants discretionary use of platform features, but this is reasonable for a design skill and does not itself demand access to unrelated data or system resources.
Install Mechanism
ok: No install spec and no code files; the skill is instruction-only. This minimizes disk writes and arbitrary code execution risk.
Credentials
ok: The skill requires no environment variables, credentials, or config paths. There are no requests for unrelated secrets or system-level access.
Persistence & Privilege
ok: always is false and the skill is user-invocable. It does not request persistent platform privileges or modifications to other skills or global config.