Back to skill
Skillv1.0.0
ClawScan security
Content And Email Marketing · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 27, 2026, 8:57 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only content+email marketing helper whose requested actions, files, and tools match its stated purpose and do not ask for unrelated credentials or installs.
- Guidance
- This skill is coherent and low-risk: it only asks for product/audience/activation information and produces content and email plans as text files. Before using, avoid pasting any secrets or account credentials into prompts. Be aware the skill will create plain-text files (e.g., activation-definition.md) in the agent's working directory; if those files will contain sensitive customer data, store them securely. Also note the recommendation to send personal emails (CEO follow-up) is a behavioral suggestion — actual sending would require your email system and credentials, which this skill does not request or perform.
Review Dimensions
- Purpose & Capability
- okThe name/description (content + email lifecycle planning) aligns with the SKILL.md tasks (define activation, plan content, design email sequences). No unrelated binaries, credentials, or config paths are requested. The declared dependency on bullseye-channel-selection is coherent (channel selection precedes content planning).
- Instruction Scope
- okRuntime instructions are limited to asking the user for product/audience/activation info, generating content/email plans, and writing plain-text artifacts (e.g., activation-definition.md). The skill does not instruct the agent to read arbitrary system files, access environment variables, or transmit data to external endpoints. It does reference use of tools (Read, Write, AskUserQuestion) consistent with producing documents.
- Install Mechanism
- okNo install spec and no code files — instruction-only skill. This is the lowest-risk install posture; nothing is downloaded or written beyond the working documents the skill produces.
- Credentials
- okThe skill requires no environment variables, credentials, or config paths. Suggested behaviors (e.g., CEO personal email) are content recommendations and do not imply access to mail systems or secrets. There are no disproportionate secret requests.
- Persistence & Privilege
- okalways:false and the default model-invocation behavior are in place. The skill writes plain-text planning files in the working directory (declared in execution.environment), which is expected for a content planning skill. It does not request persistent system-wide privileges or modify other skills' configs.