Back to skill
Skillv1.0.0
ClawScan security
Marketing Psychology · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 18, 2026, 6:00 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only marketing psychology helper whose requested actions and file reads align with its stated purpose and it asks for no extra credentials or installs.
- Guidance
- This skill appears coherent and low-risk: it only contains instructions and no external installs or credential requests. Before enabling it, check any product-context files (.agents/product-marketing-context.md or .claude/product-marketing-context.md) to ensure they don't contain secrets or sensitive PII you wouldn't want read by a skill. If you prefer tighter control, restrict invocation to manual/user-invoked only or sanitize context files used by the agent. Otherwise it is reasonable to use for marketing advice.
Review Dimensions
- Purpose & Capability
- okName/description match the runtime instructions: the skill applies psychological models to marketing and references relevant mental models and marketing applications. There are no unrelated credentials, binaries, or external services required.
- Instruction Scope
- noteThe SKILL.md instructs the agent to check for and read a product context file (.agents/product-marketing-context.md or .claude/product-marketing-context.md) before applying models. That file read is coherent with tailoring marketing recommendations, but it means the skill will access agent-local context files — review those files for any sensitive data (credentials, PII) before allowing the skill to run.
- Install Mechanism
- okNo install spec and no code files — instruction-only skill. This minimizes disk writes and remote code fetch risk.
- Credentials
- okThe skill declares no environment variables, no credentials, and no config paths beyond the product-context file. Requested access is proportional to its purpose.
- Persistence & Privilege
- okalways is false and the skill is user-invocable. It does not request elevated or persistent platform privileges and does not modify other skills or system configs.