Skillv1.0.0

ClawScan security

Authority Signal Designer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 14, 2026, 6:37 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's requests and runtime instructions are consistent with its stated purpose (designing and auditing authority signals) and it does not ask for unrelated credentials, installs, or network endpoints.
Guidance: This skill appears coherent and safe in structure: it is instruction-only and asks only to read and edit content (bios, landing pages). Before installing or invoking it, ensure you run it in a workspace that contains only documents you intend the agent to read (remove any sensitive PII, secrets, or unrelated internal files). Remember this is a content-marketing and persuasion tool — its recommendations are strategic and rhetorical, not legal, medical, or regulatory advice; verify technical or compliance claims independently. If you prefer, restrict the agent's file access or require an explicit confirmation step before it reads any files. If you are uncomfortable with autonomous agent invocation, disable or require manual invocation in your platform settings.

Purpose & Capability: okThe name/description (authority signal design and auditing) align with the SKILL.md content. Required tools (Read, Write, TodoWrite, optional Grep) and the instruction to scan drafts/landing pages are proportionate to the stated function. No unrelated binaries, env vars, or config paths are requested.
Instruction Scope: noteThe instructions explicitly direct the agent to 'scan' the environment for existing bios, landing pages, and credential lists and to read drafts to produce concrete rewrites. This is appropriate for the skill's purpose, but it means the agent may open and read files in the working directory — users should only invoke it where those documents are safe to be accessed. The SKILL.md does not instruct the agent to send data to external endpoints or to read credentials outside the workspace.
Install Mechanism: okInstruction-only skill with no install spec and no code files. This minimizes surface area: nothing will be written to disk or downloaded during install.
Credentials: okThe skill requires no environment variables, credentials, or config paths. Its need to read local documents aligns with its purpose; there are no requests for unrelated secrets or system-wide credentials.
Persistence & Privilege: okalways: false and no persistence or modification of other skills/config is requested. The skill can be invoked autonomously by agents (default platform behavior), but it does not request elevated or permanent presence.