Skill v1.0.0

ClawScan security

Chatbot Designer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 17, 2026, 1:09 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
This is an instruction-only skill that generates chatbot conversation architectures and does not require credentials, install steps, or access to system files—its requirements and behavior match its description.
Guidance
This skill appears coherent and low-risk because it only generates design documents. Before using it: avoid pasting real customer PII or live API credentials into prompts; provide only high-level policies, metrics, and catalog summaries (redact personal data). Treat the outputs as specifications to review—validate any suggested API call points, SLA numbers, or escalation criteria with your engineering and legal/ops teams before implementing. If you want the skill to produce platform-specific config, consider supplying sanitized sample data rather than secrets.

Review Dimensions

Purpose & Capability
ok: The name and description match the SKILL.md: it produces conversation architectures for ecommerce support. It does not request unrelated resources (no env vars, no binaries) and asks only for user-provided context (inquiry categories, policies, catalog).
Instruction Scope
ok: SKILL.md confines the agent to designing flows, intent maps, escalation rules, and analytics frameworks. It suggests integration points (where an implementation would call order APIs) but does not instruct the agent to access live systems, files, or secret environment variables.
Install Mechanism
ok: There is no install spec and no code files—this is instruction-only. Nothing is downloaded or written to disk, which minimizes installation risk.
Credentials
ok: The skill declares no required environment variables, credentials, or config paths. That is proportional for a design/specification skill; any references to API integration points are descriptive and do not request tokens or secrets.
Persistence & Privilege
ok: "always" is false and the skill is user-invocable with normal autonomous invocation allowed. That is expected for a tool of this type and it does not request elevated or persistent system privileges.