Skill v1.0.1
ClawScan security
video-optimization · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 6, 2026, 1:43 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code-free instructions match its stated purpose (video SEO/video sitemap/VideoObject guidance); it requests no credentials or installs and only asks to read optional local project-context files for context.
- Guidance: This skill appears coherent and instruction-only, but a few practical cautions: (1) It may ask you to paste page HTML, sitemap XML, or project-context files — avoid sharing private credentials, tokens, or full backups. (2) If you want the agent to act on Google Search Console or upload sitemaps automatically, that would require granting external credentials — the skill does not request these now, so only provide OAuth/API access if you trust an explicit integration. (3) Review any local project-context files it reads to ensure they don’t contain secrets. If you need higher assurance, test the skill with redacted/sample pages first.
Review Dimensions
- Purpose & Capability (ok): Name and description align with the SKILL.md instructions: the content is focused on video discovery, sitemaps, thumbnails, VideoObject schema, and watch-page recommendations. There are no unrelated environment variables, binaries, or install steps requested.
- Instruction Scope (note): Instructions are focused on site-level video SEO. They do ask the agent to check optional local project context files (.claude/project-context.md or .cursor/project-context.md) for brand/page context — this is reasonable for producing tailored recommendations but does grant the skill read access to those project files. The skill does not instruct broad system file reads or exfiltration.
- Install Mechanism (ok): No install spec or code files are present (instruction-only), so nothing is written to disk or downloaded.
- Credentials (note): The skill declares no environment variables or credentials. It references external services (Google Search Console, YouTube) and suggests using URL Inspection or submitting a sitemap, which may require user action or credentials outside the skill; however, the skill itself does not request those credentials or attempt to access them.
- Persistence & Privilege (ok): The skill is not set to always:true and uses default autonomous invocation. It does not request persistent system-level changes or modification of other skills' configs.
