Skill v1.0.0

ClawScan security

Stakeholder Negotiation Planner · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 12, 2026, 8:03 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This is an instruction-only negotiation/communication aid that is internally consistent with its stated purpose and does not request credentials, install anything, or instruct the agent to access files or external endpoints.
Guidance
This skill appears safe and coherent for its stated purpose: preparing negotiation briefs and communication strategies. Before installing, verify two operational details with your agent/platform: (1) what the 'Read'/'Write' tools actually permit (should be limited to conversation/memory, not arbitrary filesystem or network access), and (2) whether you want the skill able to run autonomously (it can, by default). Note the skill is marked 'draft' and is instruction-only — review the full SKILL.md and the included reference file if you want to confirm the tone and examples match your expectations. If you require stricter controls, consider disabling autonomous invocation or restricting the skill's tool permissions.

Review Dimensions

Purpose & Capability
ok: The name and description (stakeholder negotiation for architecture conversations) match the SKILL.md and the reference material. There are no unrelated required binaries, environment variables, or credentials; the guidance and examples all relate to negotiation techniques.
Instruction Scope
ok: All instructions are prose guidance about classifying audience, framing arguments, and producing negotiation briefs. 'Gather from environment' refers to conversation/prompt context (titles, mentions of hierarchy, relationship history) rather than system files or secrets. The skill asks the agent to ask the user for missing context when necessary; it does not direct file I/O, network calls, or exfiltration.
Install Mechanism
ok: No install spec, no code files, and no downloads — instruction-only. This is the lowest-risk install profile.
Credentials
ok: The skill declares no required environment variables, credentials, or config paths. The techniques and examples do not require any secrets or third-party API keys.
Persistence & Privilege
ok: 'always' is false and the skill is user-invocable. It allows normal autonomous invocation ('disable-model-invocation' is false), which is standard for skills and acceptable here. The skill does not request persistent system-level changes or cross-skill configuration.