ClawHub
Back to skill
v1.0.0

Embedded Systems

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:34 AM.

Analysis

The skill is a narrow career-roadmap API with no code, installer, credentials, or destructive actions, but it does ask users to share personal career assessment data.

GuidanceThis appears safe to install from the provided artifacts, but treat it like an external career-advice API: only submit assessment details you are comfortable sharing, and verify the provider if you need stronger privacy assurances.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceHighStatusNote
metadata
Source: unknown; Homepage: none

The artifacts do not identify a source repository or homepage for the provider. Because there is no installer, code, dependency, or remote script, this is a provenance note rather than an unsafe install mechanism.

User impactYou have limited independent context for who operates or maintains the API behind the skill.
RecommendationInstall or use it only if you trust the listed publisher or can otherwise verify the provider.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityLowConfidenceHighStatusNote
SKILL.md
"assessmentData": { "experience": ..., "skills": ..., "goals": ... }, "sessionId": "sess_abc123def456", "userId": 12345

The roadmap endpoint expects personal career/profile details plus session and optional user identifiers. This is purpose-aligned for personalized roadmap generation, but it is still a provider data-sharing boundary users should notice.

User impactIf the skill is used with real details, career history, skills, goals, session identifiers, and possibly a user ID may be sent to the roadmap service.
RecommendationShare only information you are comfortable providing to the service, and avoid unnecessary personal identifiers unless needed.