ClawHub

Onboarding Cro

v1.0.0

When the user wants to optimize post-signup onboarding, user activation, first-run experience, or time-to-value. Also use when the user mentions "onboarding...

0· 92·0 current·0 all-time
byMario Karras@mariokarras
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (onboarding CRO) match the SKILL.md content. The skill asks only for product/context files and provides UX, metrics, and experiment guidance; there are no unrelated binaries, credentials, or external services requested.
Instruction Scope
Runtime instructions are prescriptive and bounded to onboarding tasks. They explicitly say to read .agents/product-marketing-context.md or .claude/product-marketing-context.md if present — this is reasonable for tailoring advice, but it means the skill will access workspace files if they exist. It does not instruct reading other system files, calling external endpoints, or accessing unrelated credentials.
Install Mechanism
No install spec and no code to execute. Instruction-only skills are lower risk because nothing is written to disk or downloaded.
Credentials
The skill declares no required environment variables, no primary credential, and no config paths beyond optional product-marketing-context files. Requested scope is proportionate to its purpose.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request permanent presence or modification of other skills/configs. Autonomous invocation is permitted by platform default but is not combined with other concerning privileges.
Assessment
This skill is instruction-only and appears coherent with its onboarding/CRO purpose. Before installing, note that it will look for product-marketing-context files in the agent workspace (.agents/product-marketing-context.md or .claude/product-marketing-context.md) and use that content to tailor recommendations — review those files for sensitive data you don't want exposed. There are no network endpoints, installers, or credential requests in the skill itself, but recommendations may imply you should connect analytics or email tools (which would require separate credentials). If you want to be cautious, preview or remove any sensitive workspace context files before invoking the skill, and run it in a controlled environment first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bqbbhttnnb7jr1tchxdsprh8371nd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments