Back to skill
Skillv1.0.0
ClawScan security
Product Vision Strategy Assessment · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 15, 2026, 12:07 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only product-vision/strategy assessment skill that asks for documents or pasted text and does not request credentials, installs, or unusual system access — its requirements align with its stated purpose.
- Guidance
- This skill is internally coherent and low-risk: it only needs the product vision/strategy text you provide and does not request credentials or install code. Before using it, avoid pasting sensitive secrets, customer PII, or proprietary data you don't want analyzed. Be aware the agent can read/write the documents you give it (Read/Write tools listed) and that it can be invoked by the agent when relevant (normal platform behavior). If you want extra caution, strip identifying or secret information from documents before submitting them.
Review Dimensions
- Purpose & Capability
- okThe name and description match the runtime instructions: the skill evaluates product vision, strategy, and principles and asks for vision/strategy documents or text. It does not request unrelated credentials, binaries, or config paths.
- Instruction Scope
- okSKILL.md restricts actions to scoring and advising on provided vision/strategy documents and asks for explicit inputs (vision, strategy, business context). It works with pasted text or document files; there are no instructions to read system files, environment variables, or send data to unexpected endpoints. Users should avoid pasting sensitive secrets or PII into the input.
- Install Mechanism
- okNo install spec and no code files — instruction-only skills are lowest-risk because they do not write code or binaries to disk.
- Credentials
- okThe skill requires no environment variables, credentials, or config paths. The requested inputs (documents, descriptions) are proportionate to an assessment task.
- Persistence & Privilege
- okalways is false and the skill does not request persistent privileges or modify other skills or system-wide settings. Model invocation is allowed (platform default), which is expected for an agent skill of this type.