Skill v1.0.0

ClawScan security

create-boutique-hotel-local-guide-script · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 23, 2026, 4:06 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is an instruction-only template for producing local guide copy and its declared requirements and behaviors are coherent with that purpose.
Guidance
This skill is a high-level instruction template for producing boutique-hotel neighborhood guides and appears internally consistent. Before installing or enabling autonomous use:
1) Confirm which SkillBoss capabilities the agent will call when it 'enriches assets' (so you know what external services or data sources are used).
2) Require human review before publishing content (the skill itself recommends this).
3) Watch for web_search results that might include incorrect facts, out-of-date listings, or copyrighted text — verify and replace with primary sources where needed.
4) Ensure no PII (guest data, contact details) is being pulled or exposed during content generation.
If you plan to allow autonomous runs, restrict that to limited test scopes initially and audit outputs and any external API calls.
Findings
[no-code-files-or-regex-findings] expected: The scanner found no code or suspicious patterns; this is expected because the skill is instruction-only (SKILL.md).

Review Dimensions

Purpose & Capability
ok: Name, description, and declared APIs (chat, web_search) match the stated goal of generating branded neighborhood/guest-content. There are no unrelated env vars, binaries, or install steps requested.
Instruction Scope
note: SKILL.md contains high-level workflow steps to draft and refine content and instructs use of 'relevant SkillBoss capabilities' and web_search. The language is intentionally generic (guiding the agent to enrich with platform capabilities), which is appropriate for a template but leaves broad discretion to call other capabilities — review what those capabilities do before enabling autonomous runs.
Install Mechanism
ok: No install spec and no code files — instruction-only skill, so nothing is written to disk or fetched during install.
Credentials
ok: No environment variables, credentials, or config paths are requested; the skill does not ask for any sensitive tokens or unrelated secrets.
Persistence & Privilege
ok: always is false; the skill does not request permanent presence or elevated privileges. It can be invoked by the agent per normal platform behavior.