Skill v1.0.0

ClawScan security

Hijack Defender · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 16, 2026, 3:22 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This instruction-only skill coherently produces a written Amazon listing hijack monitoring and response playbook and does not request unrelated credentials or install code.
Guidance
This skill is an instruction-only playbook generator and appears internally consistent. Before installing or using it: (1) avoid pasting any Amazon account credentials, tokens, or private keys into prompts; (2) confirm your Brand Registry status and only provide ASINs and non-sensitive incident details; (3) treat cease-and-desist/legal templates as drafts—have an attorney review them before sending; (4) because the publisher/source is unknown, consider running the skill with a sample or non-sensitive ASIN first to verify output quality, and prefer guidance from known/verified publishers when handling high-stakes enforcement actions.

Review Dimensions

Purpose & Capability
ok: The name and description match the SKILL.md content: the skill's stated goal is to generate a monitoring/response/playbook for Amazon listing hijacking, and the instructions ask only for brand name, ASINs, Brand Registry status, and optional incident details — all appropriate and proportional to that purpose.
Instruction Scope
ok: The SKILL.md is an instruction-only document telling the agent how to compose a playbook (risk assessment, detection, escalation, prevention). It does not instruct the agent to read local files, access environment variables, call external endpoints, or perform actions in Seller Central; it explicitly states it cannot file complaints on the user's behalf. The scope stays within producing written guidance and templates.
Install Mechanism
ok: No install spec and no code files are present — the lowest-risk form. Note: the skill's source is listed as 'unknown' and there is no homepage or publisher metadata; while this doesn't change the technical footprint (there's nothing to install), you may want to prefer skills with known publishers for provenance.
Credentials
ok: The skill requests only non-sensitive inputs (brand name, ASINs, registry status, incident details). It does not require API keys, credentials, or config paths. As a precaution, users should avoid pasting any account credentials, tokens, or seller account screenshots into the prompt when supplying context.
Persistence & Privilege
ok: The skill is not configured as always: true and does not request persistent system presence or modify other skills. It uses the platform's normal autonomous-invocation default (disable-model-invocation: false), which is expected for skills; there are no additional privilege escalations.