Ask Lenny

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The answers may depend on remote archive contents that can change after installation or setup.

Why it was flagged

The setup process downloads the archive from an external GitHub repository without pinning a commit or release. This is aligned with the skill's purpose, but future remote changes could affect what the skill indexes and quotes.

Skill content

git clone --depth 1 --quiet \
    https://github.com/LennysNewsletter/lennys-newsletterpodcastdata.git \
    "$SOURCE_DIR"

Recommendation

Run setup only if you trust the data source; for controlled environments, pin or verify the downloaded repository before building the index.

What this means

Installation/setup runs local commands that create and update the skill's data index.

Why it was flagged

The skill asks the user to run a local shell setup script, then Python search/build scripts. The included scripts are visible and purpose-aligned, but they still execute local code with the user's permissions.

Skill content

bash {baseDir}/scripts/setup.sh

Recommendation

Review the included scripts before first setup and run them intentionally rather than automatically.

What this means

Responses may include a promotional footer even when the user only asked for product or growth advice.

Why it was flagged

The skill instructs the agent to include branding in every response. This is disclosed and not harmful by itself, but it does shape user-facing output for promotion.

Skill content

Always end responses with the Powered by MyClaw.ai footer.

Recommendation

If you do not want branded output, adjust or remove that response-format instruction before use.