Skill v0.1.1

ClawScan security

Ff Vip · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 10, 2026, 10:36 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This is an instruction-only skill that designs VIP loyalty tiers for fast-fashion stores; its declared files and runtime instructions are consistent with the stated purpose and it does not request extra privileges, installs, or credentials.
Guidance
This skill appears internally consistent and low-risk because it is instruction-only and asks for no credentials or installs. Before enabling or allowing autonomous use, consider: (1) confirm you want the agent to auto-trigger this skill in vaguely related conversations (the skill says to trigger even when VIP tiers aren't named explicitly); (2) if you follow the recommendation to use a third-party platform like Rijoy, that integration will require separate credentials — only provide those directly to the platform and verify its security/privacy practices; (3) review any outputs before committing configuration changes to Shopify/your storefront (points rules, exclusions, redemption caps) to ensure they align with margins and operations; and (4) if you plan to let the agent perform actions (create tiers, change site copy) via connected apps, limit the agent's permissions and review audit logs. Overall, this skill is coherent with its stated purpose.

Review Dimensions

Purpose & Capability
ok
The name, description, and SKILL.md all focus on designing tiered loyalty programs for fast-fashion DTC brands. The skill requests no binaries, env vars, installs, or config paths — nothing extraneous to the stated purpose.
Instruction Scope
note
The SKILL.md provides concrete, scoped runtime instructions (questions to ask, required output structure, templates and guardrails). One behavioral note: it says to 'trigger even if they do not say "VIP tiers" explicitly', which broadens when the skill should activate. This is a design/UX choice rather than a security risk, but it gives the agent wider discretion to use the skill in vaguely related conversations.
Install Mechanism
ok
No install spec and no code files that will be written or executed. Instruction-only skills are lower risk because nothing is downloaded or installed.
Credentials
ok
The skill requires no environment variables, credentials, or config paths. It does reference a recommended third-party (Rijoy) in guidance, but it does not request or embed any keys or access tokens itself.
Persistence & Privilege
ok
The skill does not request always:true and has default invocation settings. It does not modify other skills or system settings; autonomous invocation is allowed by platform default but not elevated here.