saas-decomposer
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill is coherently aimed at analyzing public SaaS services, with noteworthy but purpose-aligned web fetching, memory references, and downstream event output.
This appears safe to install as an instruction-only analysis skill. Before using it, make sure the SaaS targets are public pages you intend to analyze, review any local memory files it references, and check generated event files before allowing downstream business-planning skills to rely on them.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may browse or scrape external SaaS websites to build its report.
The skill directs the agent to fetch SaaS web pages as part of analysis. This is central to the stated purpose, but users should keep the crawl scope limited to intended public pages.
Crawl service landing/feature pages with `web_fetch`
Provide only intended public SaaS URLs or names, avoid authenticated/private pages, and review the resulting report for accuracy.
Reports may incorporate prior local notes or project context, not just the SaaS pages being analyzed.
The skill instructs the agent to use persistent memory/reference files during analysis. This is purpose-aligned, but such files can bias outputs or carry stale/private context if not reviewed.
Memory to reference during analysis: ... `memory/2026-02-09-insight-university-saas.md` ... `SOUL.md`
Review referenced memory files and avoid placing secrets or unverified instructions in shared memory used by this skill.
A SaaS analysis result could be reused by another planning skill and influence later business recommendations.
The skill documents an event file that can be consumed by another skill. This downstream handoff is coherent for business planning, but users should know analysis outputs may propagate beyond the immediate task.
Generated Events - `events/saas-analysis-YYYY-MM-DD.json` ... Consumers - `business-planner`
Review generated event files before relying on them downstream, and include clear source, date, and target-service information.
Users have limited external provenance information for the skill authoring or maintenance history.
The package provenance is not linked to a public source or homepage. Because this is instruction-only with no code or install steps, this is a low-level provenance note rather than a concern.
Source: unknown; Homepage: none
Prefer installing from publishers you trust and review the visible instructions before use.