Product Marketing Context
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: product-marketing-context Version: 1.0.0 The skill is classified as suspicious due to broad instructions for file system access. The `SKILL.md` instructs the AI agent to 'study the repo' and 'Read the codebase: README, landing pages, marketing copy, about pages, meta descriptions, package.json, any existing docs' to auto-draft a marketing document. While the stated purpose is benign (creating a local markdown file), the phrase 'study the repo' and 'any existing docs' grants the agent overly broad read access to potentially sensitive files within the project directory (e.g., `.env` files, configuration files, or even private keys if present), creating a significant vulnerability for unintended information disclosure. There is no explicit evidence of malicious intent like exfiltration, but the capability is high-risk.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The generated context file could preserve business positioning, customer language, metrics, testimonials, or competitive details for future agent use.
The skill intentionally creates persistent context that may be reused by other skills, so inaccurate or sensitive information in that file could influence later marketing outputs.
Creates `.claude/product-marketing-context.md` that other marketing skills reference.
Review the generated `.claude/product-marketing-context.md` before relying on it, and avoid adding confidential details unless you are comfortable with other local marketing skills referencing them.
Auto-drafting may pull information from repository documentation or marketing files into the context document.
The skill directs the agent to read project files to draft the marketing context. This file access is disclosed and aligned with the purpose, but users should understand the scope before choosing auto-draft.
Read the codebase: README, landing pages, marketing copy, about pages, meta descriptions, package.json, any existing docs
Use the auto-draft option only in repositories where reading marketing/docs files is acceptable, and review the draft for private or incorrect content.