Back to skill
Skillv1.0.3
ClawScan security
Creator Proof Portfolio Builder · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 11, 2026, 8:42 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only helper for building creator proof packs; its declared purpose, runtime instructions, and artifacts are coherent and do not request unrelated credentials, installs, or system access.
- Guidance
- This is an instruction-only, coherent skill for formatting creator proof packs. Before using it, be mindful that: (1) it will ask you to provide performance screenshots, exports, or campaign notes — do not share credentials, API keys, or unredacted sensitive personal data; (2) the included license (CC BY-NC-SA 4.0 with commercial use reserved by Razestar) means you should obtain a commercial license from Razestar if you intend to use outputs commercially; (3) review any attachments the agent produces before sending to brands to ensure metrics are accurate and no private data is leaked. If you prefer tighter control, avoid enabling autonomous invocation or supply assets only interactively.
Review Dimensions
- Purpose & Capability
- okName/description align with the instructions: the SKILL.md explains how to gather creator assets, verify evidence, and produce a one-page proof pack. There are no unrelated required binaries, environment variables, or config paths.
- Instruction Scope
- okRuntime instructions stay on topic: collect content examples, performance snapshots, audience/profile info, and produce structured outputs. The instructions do ask for platform screenshots/exports/reports (user-supplied evidence) but do not instruct the agent to read system files, access credentials, or send data to external endpoints.
- Install Mechanism
- okNo install spec and no code files beyond SKILL.md and a template; nothing is downloaded or written to disk by an installer. This is the lowest-risk install posture.
- Credentials
- okNo environment variables, credentials, or config paths are requested. The skill does not ask for unrelated secrets or broad permissions.
- Persistence & Privilege
- okalways is false and there is no indication the skill persists state or modifies other skills or system configuration. Autonomous invocation is allowed by default on the platform but the skill itself does not request elevated persistence or privileges.