Skillv0.1.1

ClawScan security

Founder Story Brand Narrative · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 10, 2026, 10:56 AM

Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's files, instructions, and runtime behaviour are consistent with its stated purpose (creating founder-story and DTC brand copy); it requests no credentials, has no install steps, and the included scripts only read/write local files and help format or lint copy.
Guidance: This skill appears coherent and focused on generating founder-story copy. Things to consider before installing: - The two included Python scripts are benign utilities that read/write local files (generate markdown from JSON and lint copy). They do not make network calls or require secrets, but they will run on files you pass them — review them before executing if you run scripts locally. - The SKILL.md will prompt for business-sensitive details (origin story, proof, order counts, constraints). Avoid sharing proprietary secrets, private customer data, or confidential formulations in the chat input. - If you plan to run the scripts on a platform agent, confirm the execution environment is trusted (sandbox or non-production) and that you trust the skill source; the package has no external provenance listed (homepage/source unknown). - If you need stronger assurance, inspect the included files yourself or run them in an isolated environment; look for any changes to files outside their intended output paths. Overall, the package is consistent with its stated purpose.

Purpose & Capability: okName/description match the included materials: SKILL.md defines a brand-story workflow and outputs; reference docs, examples, and two Python scripts (generate brief + lint copy) are directly relevant. No unrelated binaries, env vars, or external services are requested.
Instruction Scope: okSKILL.md instructs the agent to gather product/founder/context questions and produce structured narrative outputs for DTC placements. It does not direct the agent to read system files, environment variables, or call endpoints outside the scope of producing copy. Asking for business details (origin, proof, constraints) is expected for this purpose.
Install Mechanism: okNo install spec provided (instruction-first). The two included Python scripts are plain, local utilities (no downloads, no extraction, no external package installs declared). No high-risk install behavior was detected.
Credentials: okThe skill requires no environment variables, credentials, or config paths. The data it asks for (brand name, origin, tone, proof) is sensible for copywriting and proportional to the stated function.
Persistence & Privilege: okalways:false and default autonomous invocation are used; the skill does not request persistent system-wide privileges or modify other skills. Nothing in the package indicates it will alter agent configs or require elevated persistence.