Back to skill
Skillv1.0.0
ClawScan security
Seller Audit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 8, 2026, 1:09 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only template that asks you to paste store metrics and qualitative notes and then generates a structured monthly audit; its requirements and behavior match its description and it does not request credentials or install anything.
- Guidance
- This skill is a manual audit template — it will not pull live data or require credentials. Before using, remove or anonymize any customer PII (names, emails, full order details) from the metrics or feedback you paste. If you expect the skill to fetch dashboards or run connectors, note that it cannot — you'll need to export metrics and paste them. Treat the output as advisory: verify high-impact recommendations against your own platform dashboards and category benchmarks. If you don't want the agent to invoke skills autonomously, you can adjust skill invocation settings in your agent, though this skill has no other red flags.
Review Dimensions
- Purpose & Capability
- okName and description match the SKILL.md: the skill is a human-driven audit framework for TikTok Shop and other ecommerce platforms. All declared inputs (metrics, top SKUs, content summary, feedback) are proportional and expected for this purpose.
- Instruction Scope
- okRuntime instructions are limited to receiving user-provided metrics and qualitative notes and producing a five-part audit report. The SKILL.md explicitly states it does not connect to live dashboards and does not instruct reading system files, environment variables, or transmitting data to external endpoints.
- Install Mechanism
- okThis is an instruction-only skill with no install spec and no code files, so nothing is written to disk or fetched at install time.
- Credentials
- okNo environment variables, credentials, or config paths are requested. The required inputs are manual metrics and summaries provided by the user, which are appropriate for the stated purpose.
- Persistence & Privilege
- okThe skill is not always-enabled and is user-invocable. It does not request persistent presence or elevated privileges beyond normal agent invocation.