Skill v1.0.0

ClawScan security

Retention Phase Intervention Selector · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Apr 14, 2026, 6:37 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This instruction-only skill is internally consistent: it asks for cohort CSVs and a product brief, performs cohort-phase diagnosis, and prescribes phase-appropriate interventions without requesting unrelated credentials or installing code.
Guidance
This skill appears coherent and low-risk because it is instruction-only and only reads the files you explicitly supply. Before installing or running it: (1) Provide only the cohort CSV and product brief needed for diagnosis; avoid uploading raw event logs or customer-identifying data unless you are comfortable sharing them with the agent. (2) If you lack evidence of product–market fit, run the referenced readiness gate first. (3) Treat the produced intervention plan as recommendations — review experiments and any messaging or campaigns for privacy, compliance, and business risk before execution. (4) If you plan to supply optional logs or surveys, anonymize or redact PII to reduce exposure.

Review Dimensions

Purpose & Capability
ok
Name/description match the required inputs and actions: it asks for retention-cohorts.csv and product-brief.md and uses those to classify phases and recommend interventions. Declared dependencies (product-market-fit gate, north-star selector) are sensible for the stated workflow.
Instruction Scope
ok
SKILL.md confines runtime actions to reading the provided CSV and product brief, optionally using churn surveys or event logs to speed diagnosis, plotting retention curves, and writing two result documents. It does not instruct reading unrelated system files, environment variables, or sending data to external endpoints.
Install Mechanism
ok
No install spec or code files — instruction-only skill. Nothing is downloaded or written to disk beyond the documents the agent is asked to produce, so install risk is minimal.
Credentials
ok
The skill requests no environment variables, credentials, or config paths. It requires Read/Write access to documents you provide (retention CSV and product brief), which is proportional to its purpose; optional event logs are explicitly optional.
Persistence & Privilege
ok
always is false and the skill does not request persistent or cross-skill configuration changes. Autonomous invocation is allowed by default but not combined with any broad privileges or credential access.