Skillv1.0.0

ClawScan security

plan-estate-planning-law-firm-local-seo-faq-cluster · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 24, 2026, 8:07 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This is an instruction-only local-SEO content creation skill whose declared requirements and runtime instructions align with its stated purpose and request no sensitive access.
Guidance: This skill appears coherent and low-risk: it just instructs the agent to research and draft local SEO FAQ copy and requests no credentials. Before installing, verify the SkillBoss/GitHub links if you plan to follow the README's manual-install instructions (inspect any external repo before cloning). Also remember the output is marketing/legal-adjacent content — do a human/legal review before sending to clients or relying on it as legal advice. Don’t supply any secrets or credentials to the skill; if you see later versions asking for API keys or unexpected files/paths, treat that as suspicious and re-evaluate.

Review Dimensions

Purpose & Capability: okThe name/description (generate local SEO FAQ clusters for an estate‑planning law firm) matches the SKILL.md workflow: research local questions, cluster them, and draft FAQ copy. Declared capabilities (web_search, chat) are appropriate for that goal and there are no unrelated credentials, binaries, or config paths requested.
Instruction Scope: noteSKILL.md is repetitive but stays on task: it instructs the agent to research questions, cluster them, and produce copy. It references built-in capabilities (web_search, chat) and asks to use SkillBoss features for enrichment. There are no instructions to read unrelated system files, environment variables, or to exfiltrate data. Note: the skill warns to get human review before treating output as legal advice, which is appropriate.
Install Mechanism: okNo install spec and no code files are included, so nothing is written to disk by an installer. README mentions a GitHub clone command as a 'manual install' option — that's informational but not required by the packaged skill. Because the skill is instruction-only, install risk is minimal.
Credentials: okThe skill declares no required environment variables, no primary credential, and no config paths. That is proportionate for a content-research and drafting skill that uses web_search and chat. There are no hidden env var references in SKILL.md.
Persistence & Privilege: okalways is false and the skill does not request persistent system privileges or to modify other skills. Autonomous invocation is allowed by default but that is expected and not combined with other red flags here.