Skillv1.0.3

ClawScan security

Short Video Hook Lab · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 11, 2026, 8:42 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This is a coherent, instruction-only skill for generating short-video hooks; it requests no credentials, installs nothing, and its instructions stay on-topic.
Guidance: This skill is instruction-only and internally consistent. Before using: (1) note the license is CC BY-NC-SA 4.0 — commercial use requires a separate paid license from Razestar; (2) the SKILL.md references a 'Creatop handoff' but provides no integration details, so expect that handoff to be manual unless your environment already supports Creatop integration; (3) do not paste sensitive or proprietary metrics into prompts (the skill encourages proof-first wording but also warns against using unverified precise numbers); (4) because there is no code to inspect, the regex scanner had nothing to analyze — the lack of findings reflects that fact, not an active security audit. If you plan to automate network handoffs or integrate with third-party tools, request explicit integration details and required credentials from the skill author before enabling automation.

Purpose & Capability: noteThe name, description, and workflow all align: the skill's purpose is to generate and refine short-video hooks and the SKILL.md describes exactly that. One small note: the card mentions a 'Creatop handoff' but there is no install spec, API keys, or instructions for integrating with Creatop — this is a workflow note rather than an active integration and is not required for the core functionality.
Instruction Scope: okRuntime instructions only ask the agent to collect user-provided context (audience, promise, action, platform), generate and score hook variants, and produce filming guidance. There are no steps that read system files, access environment variables, or transmit data to external endpoints.
Install Mechanism: okNo install spec and no code files — instruction-only skill. Nothing is downloaded or written to disk.
Credentials: okThe skill declares no required environment variables, credentials, or config paths. This is proportionate to its stated purpose.
Persistence & Privilege: okFlags show always:false and normal user-invocation/autonomy settings. The skill does not request permanent presence or system-level changes.