Back to skill
Skillv1.0.0
ClawScan security
Activation Funnel Diagnostic · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 12, 2026, 8:04 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requests and runtime instructions align with its stated purpose: it expects funnel metrics and flow docs, reads them, computes drop-offs, and emits a diagnosis without asking for unrelated credentials or installing code.
- Guidance
- This skill appears internally consistent and appropriate for diagnosing activation funnels. Before installing or running it, ensure you: 1) have the required files (funnel-metrics.csv and activation-flow.md) and confirm the product's 'aha moment'; 2) remove or redact any unnecessary PII from the CSV/survey files, since the skill needs Read access to those documents; 3) understand the agent will write activation-funnel-diagnosis.md into the workspace; and 4) review the generated recommendations before implementing experiments. If you want extra caution, inspect the SKILL.md on the linked GitHub homepage yourself to confirm no additional hidden steps.
Review Dimensions
- Purpose & Capability
- okName and description (activation funnel diagnosis) match the declared inputs (funnel-metrics.csv, activation-flow.md, optional survey-responses.md) and required tools (Read, Write). There are no unexpected environment variables, binaries, or external credentials requested.
- Instruction Scope
- okSKILL.md instructs the agent to confirm the aha moment, read the specified CSV and docs, compute conversion/drop-off metrics, segment by channel if present, interpret survey responses, and emit a markdown diagnosis and experiment list. Those steps stay within the stated scope and reference only the declared input files.
- Install Mechanism
- okInstruction-only skill with no install spec and no code files. Nothing is downloaded or written to disk beyond the output report the skill is meant to produce.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths. The only runtime capability required is Read/Write access to the document set (to read funnel CSV/docs and write the diagnosis), which is proportionate to the task.
- Persistence & Privilege
- okalways is false and the skill does not request permanent presence or system-wide changes. It requires standard agent Read/Write at invocation, which is expected for a document-processing diagnostic skill.