Skillv1.1.1

ClawScan security

indie-hacker-strategy · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 8, 2026, 3:07 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This is an instruction-only skill that provides indie-hacker marketing and growth advice; its requirements and instructions are coherent with its purpose and it does not request elevated privileges or external credentials.
Guidance: This skill is low-risk: it’s purely an instruction document for giving indie-hacker strategy advice and requests no credentials or installs. Before enabling, you may still (1) skim the full SKILL.md to ensure the recommended tactics match your comfort level, (2) be cautious about following any financial/legal advice without verification, and (3) avoid pasting secrets or private data into prompts when using the skill.

Purpose & Capability: okThe skill name and description match the SKILL.md content: guidance for indie-hackers, growth channels, and Build-in-Public tactics. There are no unrelated required binaries, env vars, or config paths that would be unexpected for this purpose.
Instruction Scope: okSKILL.md contains prose-driven guidance and invocation notes (e.g., what to say on first use). It does not instruct the agent to run shell commands, read system files, access credentials, or transmit data to unexpected endpoints. References are only external links to public articles.
Install Mechanism: okNo install spec and no code files are present (instruction-only). Nothing will be downloaded or written to disk as part of installation.
Credentials: okThe skill declares no required environment variables, no primary credential, and no config paths. That is proportionate to an advice/strategy skill.
Persistence & Privilege: okalways is false and model invocation is enabled (the platform default). The skill does not request persistent presence or modify system/agent-wide settings.