Back to skill
Skillv1.0.0
ClawScan security
AEO Content (Free) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 15, 2026, 4:04 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's instructions, required tools, and lack of installs/credentials align with its stated purpose of producing AEO-optimized content using free web search/fetch and LLM reasoning.
- Guidance
- This skill appears internally consistent and uses only platform web_search/web_fetch plus LLM reasoning, so it's reasonable to install. Before using: (1) do not supply private or behind-auth URLs for the 'refresh' workflow unless you understand how the platform's web_fetch handles authentication; the skill will fetch and process any URL you provide. (2) The skill gives publishing guidance but does not itself perform publishing — verify any publishing steps and credentials separately. (3) Monitor outputs for factual accuracy and avoid inserting proprietary or sensitive data into drafts. If you need the agent to interact with paid search APIs or to publish content automatically, expect additional credentials or integrations to be required and review those separately.
Review Dimensions
- Purpose & Capability
- okName and description match the behavior in SKILL.md: research via web_search/web_fetch and use LLM reasoning to build briefs and drafts. No unrelated credentials, binaries, or install steps are requested.
- Instruction Scope
- noteInstructions are explicit and scoped to public web research, brief generation, drafting, and audit of provided URLs. Refresh mode requires the agent to fetch a user-supplied URL (expected for an audit workflow) — avoid providing private or behind-auth pages. The workflow is not overly broad and does not instruct reading local files or arbitrary environment variables.
- Install Mechanism
- okNo install spec or code files — instruction-only skill. Nothing will be downloaded or written to disk by an installer as part of the skill package.
- Credentials
- okNo environment variables, API keys, or credentials are required. The declared dependencies (web_fetch, web_search, LLM reasoning) are appropriate and proportional to the described functionality.
- Persistence & Privilege
- okSkill is not always-enabled and uses default autonomous invocation settings. It does not request elevated or cross-skill configuration changes or permanent presence.