Skill v1.0.0

ClawScan security

Product Market Fit Readiness Gate · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Apr 14, 2026, 1:18 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is an instruction-only product-market-fit gate whose requested inputs and actions are coherent with its purpose — it reads product briefs and optional CSVs, generates a survey template, scores responses, and analyzes retention; it does not request unrelated credentials or install code.
Guidance
This skill is internally consistent and does what it says: it will read any product brief and optional CSVs you provide, generate a Sean Ellis must-have survey template if requested, score responses against the 40% threshold, and analyze retention cohorts if you supply them. Before installing or invoking: (1) only give it documents you are comfortable sharing with the agent — do not attach personally identifiable user data, raw emails, or other sensitive PII unless you want the agent to read them; (2) if you expect the skill to analyze retention from your analytics platform, plan to export the cohort CSVs yourself rather than granting the skill platform credentials (the skill does not request or require credentials); (3) review any generated survey templates and follow-up messages before sending them to users. Overall the skill is coherent and does not request disproportionate access or take installation actions.

Review Dimensions

Purpose & Capability
ok
Name/description (product-market-fit gate) align with the declared inputs and tasks: reading a product brief, scoring Sean Ellis must-have surveys, and analyzing retention cohorts. No unrelated binaries, credentials, or install steps are requested.
Instruction Scope
ok
SKILL.md limits actions to reading provided docs (product-brief.md, optional survey and retention CSVs), producing a survey template, scoring responses, and producing a verdict with remediation. It does not instruct the agent to access external accounts, read unrelated system files, or exfiltrate data. The references to analytics tools are advisory (recommend the user pull data) rather than commands to access those services.
Install Mechanism
ok
Instruction-only skill with no install spec and no code files. Nothing will be downloaded or written to disk by an installer beyond documents the agent creates (e.g., survey template).
Credentials
ok
No environment variables, credentials, or config paths are required. The only required capabilities are Read/Write for the agent to access documents the user supplies, which is proportionate to the stated purpose.
Persistence & Privilege
ok
always is false and the skill does not request persistent system-level presence or modify other skills. Model invocation is permitted (default), which is expected for skills of this type.