Skill v1.0.0
ClawScan security
Growth Experiment Prioritization Scorer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 12, 2026, 8:04 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only ICE-scoring helper that only needs to read a backlog document and write a scored backlog — its declared inputs, tools, and behavior are coherent with its stated purpose.
- Guidance
- This skill is internally consistent with its stated purpose: it needs Read/Write access to accept an experiment-backlog.md and produce experiment-scored-backlog.md. Before running, make sure you (or your team) provide only the backlog content (or a file path to the backlog) and not a path to unrelated or sensitive files. If you prefer, paste backlog contents into the prompt instead of giving a filesystem path. Confirm whether the agent has permission only to the project/document locations you expect, and be aware the skill may read north-star-recommendation.md if available to derive the North Star metric.
Review Dimensions
- Purpose & Capability
- ok: Name, description, and declared dependencies (other skills) match the instructions: the skill reads an experiment backlog, asks for a North Star metric (or pulls it from north-star-recommendation.md), scores ideas with ICE, and emits a scored backlog. No unrelated binaries, credentials, or installs are requested.
- Instruction Scope
- note: Instructions explicitly tell the agent to read an experiment-backlog.md (or accept pasted content) and to pull a North Star metric if available. This is appropriate for the task, but it does require the agent's Read permission and relies on the user supplying a correct file path or pasting content. Users should avoid providing paths to sensitive system files — the skill will read whatever path the user gives it.
- Install Mechanism
- ok: No install spec or code files are included (instruction-only). Nothing is downloaded or written to disk by an installer; the runtime actions are limited to Read/Write operations the skill declares.
- Credentials
- ok: The skill requests no environment variables, credentials, or config paths. The only required capabilities are Read and Write, which are proportional to reading a backlog and emitting a scored backlog file.
- Persistence & Privilege
- ok: always is false and the skill does not request persistent elevated privileges or modify other skills. It will run when invoked and can be invoked autonomously per platform defaults; this is expected for an agent skill of this type.
