Back to skill
Skillv1.0.0
ClawScan security
Pre-Order Planner · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 13, 2026, 4:17 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This instruction-only skill's requirements and runtime instructions align with its stated purpose of producing pre-order campaign plans and do not request unrelated credentials, installs, or system access.
- Guidance
- This is an instruction-only planning skill and appears coherent and low-risk. Before using it: (1) avoid pasting any real secrets or API keys into prompts or inputs; (2) review the generated campaign brief for business and legal accuracy before implementing; (3) if you plan to automate deployment into email/commerce systems, require separate, explicit integrations rather than copying credentials into the skill; and (4) if you want to restrict autonomous agent actions, keep this skill user-invocable only or review outputs before allowing automated execution.
Review Dimensions
- Purpose & Capability
- okThe name/description (pre-order campaign planning) matches the SKILL.md content: it asks for product, audience, dates, and produces a campaign brief. It does not request unrelated services, binaries, or credentials.
- Instruction Scope
- okSKILL.md is self-contained: it specifies the inputs it needs and the structured output it will produce. It does not instruct the agent to read files, environment variables, system config, or send data to external endpoints, and it explicitly states it will not integrate with live inventory or email systems.
- Install Mechanism
- okNo install spec or code files are included (instruction-only), so nothing will be downloaded or written to disk by the skill itself — lowest install risk.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths and the instructions do not reference any secrets — requested access is proportionate to the stated functionality.
- Persistence & Privilege
- okalways is false and the skill does not request persistent system changes or modify other skills/configs. It can be invoked autonomously (platform default) but this is not combined with elevated privileges or broad credential access.