Back to skill
Skillv1.0.1
ClawScan security
Listing Gap Audit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 18, 2026, 1:01 PM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requirements and runtime instructions align with its stated purpose (auditing product listings) and it does not request extra credentials, installs, or system access beyond normal agent capabilities.
- Guidance
- This skill appears coherent and low-risk for its stated purpose. Before installing, note: (1) you'll need to supply your listing text or URLs and competitor URLs (ensure you have the right to share any proprietary content); (2) the skill prefers using the platform's managed browser to inspect live PDPs — that will access live pages but is a normal platform action, so only proceed if you're comfortable allowing the agent to view those pages; (3) the license is CC BY-NC-SA (non-commercial) with commercial use requiring a paid license from Razestar — confirm license terms if you plan commercial use; (4) avoid providing unrelated secrets or credentials to the skill. If you want deeper assurance, request the author identity/source or ask for an explicit privacy note about how scraped evidence is stored/used.
Review Dimensions
- Purpose & Capability
- okName, description, expected inputs, and outputs match the SKILL.md workflow: comparing a user's PDP against competitor PDPs, scoring gaps, and producing prioritized rewrite guidance. No unrelated credentials, binaries, or config paths are requested.
- Instruction Scope
- okRuntime instructions are scoped to parsing listing text, inspecting competitor pages (via OpenClaw managed browser or explicit Browser Relay), benchmarking structure, and producing a gap report. The SKILL.md explicitly limits copying competitor claims verbatim and calls out compliance-sensitive claims. It does not instruct reading unrelated system files or exfiltrating data to third-party endpoints.
- Install Mechanism
- okThere is no install spec and no code files; this is an instruction-only skill. That minimizes disk footprint and supply-chain risk.
- Credentials
- okThe skill requires no environment variables, credentials, or config paths. The expected inputs (user listing text, competitor URLs, product constraints) are proportionate to the audit task.
- Persistence & Privilege
- okalways is false, and the skill does not request persistent or elevated privileges or attempt to modify other skills or system-wide settings. Autonomous invocation is allowed by default but not combined with other concerning factors.