Back to skill
Skillv1.0.1
ClawScan security
Ugc Hook Analyzer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 21, 2026, 5:26 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only short-form-video hook analysis skill whose declared purpose, inputs, and runtime instructions are internally consistent and request no credentials, installs, or unusual system access.
- Guidance
- This skill appears coherent and low-risk: it needs only UGC text/context and performs content analysis and rewrites. Before using it, avoid pasting sensitive or personal data into prompts (the skill will process whatever you provide). Note the license: CC BY-NC-SA 4.0 restricts reuse to non-commercial use and requires attribution; commercial use requires a paid license from Razestar. Validate any compliance or product-claim recommendations the skill flags before publishing, and test outputs on a small sample to ensure tone and accuracy match your brand.
Review Dimensions
- Purpose & Capability
- okThe name/description, expected inputs (UGC script/transcript, audience, product angle, platform), and outputs (diagnosis, variants, execution notes) align. There are no unrelated requirements (no cloud creds, no binaries) that would be disproportionate for a content-analysis/rewriting tool.
- Instruction Scope
- okSKILL.md limits runtime behavior to classifying hook archetypes, mapping audience intent mismatches, generating alternative hooks, execution notes, and flagging clickbait/compliance risks. It does not instruct reading arbitrary system files, accessing external endpoints, or collecting environment secrets.
- Install Mechanism
- okNo install spec and no code files (instruction-only). This is the lowest-risk installation profile because nothing is written to disk or downloaded as part of the skill.
- Credentials
- okThe skill declares no required environment variables, no primary credential, and no config paths. There is no request for unrelated secrets or system access.
- Persistence & Privilege
- okalways is false (default), and autonomous invocation is allowed but typical for skills. The skill does not request permanent presence or privileged modifications to agent/system configs.