Back to skill
Skillv1.0.1
ClawScan security
Retention Drop Checker · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 18, 2026, 1:02 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only diagnostic helper whose requested inputs and behaviors align with its stated purpose and it asks for no credentials or installs.
- Guidance
- This skill appears coherent and low-risk: it only needs the content you choose to provide (script/transcript, retention curve, or CSV) and will produce diagnostics and optional Python analysis code. Before uploading any retention exports or CSVs, confirm they contain no sensitive or proprietary identifiers (user IDs, PII, or private project data). If the skill returns a Python script, review the code before running it in your environment; run analysis locally or in a trusted environment rather than sending raw analytics to unknown endpoints. Note the license: CC BY-NC-SA for non-commercial use—contact the author for commercial licensing.
Review Dimensions
- Purpose & Capability
- okThe name and description (diagnosing short-video retention drops and suggesting fixes) match the runtime instructions: ask for retention curves/transcripts, perform qualitative diagnosis, and optionally emit a Python analysis script when structured CSV data is provided. There are no unrelated credential or binary requirements.
- Instruction Scope
- noteInstructions stay on-topic (clarify inputs, segment video, diagnose drops, recommend fixes, produce a reusable Python script if the user supplies structured data). One point to note: the skill expects users may upload retention CSVs—while the skill only says to generate analysis code (not to execute or transmit data), uploading analytics can include sensitive or proprietary data; the SKILL.md does not instruct where code should be run or how uploaded data is stored or transmitted.
- Install Mechanism
- okNo install spec and no code files beyond SKILL.md and a harmless output template; this is lowest-risk (instruction-only) from an installation perspective.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths—there is no disproportionate secret or environment access requested.
- Persistence & Privilege
- okThe skill is not always-on, is user-invocable only, and does not request or describe modifying other skills or system-wide settings.