Back to skill
Skillv0.1.0
ClawScan security
Product Description Writer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 11, 2026, 8:06 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's files, instructions, and tooling are consistent with a product-description writer; it asks for no credentials, has no network/install behavior, and its scripts match the stated purpose.
- Guidance
- This skill is internally consistent and contains only local helper scripts for generating and linting product-copy. Before installing: (1) avoid pasting sensitive secrets or private business intelligence into prompts, (2) review generated copy for legal/regulatory accuracy (e.g., no unbacked medical or safety claims, trademark usage), and (3) if you do not want the agent to trigger this skill automatically when users paste specs, consider disabling autonomous invocation for your agent or ensure trigger rules are acceptable. If you need networked workflows (e.g., auto-posting to your store), expect separate integrations that will require credentials and additional review.
Review Dimensions
- Purpose & Capability
- okName/description match the included assets and scripts. The two Python scripts (brief generator and lint) and the SKILL.md are coherent for producing and checking product descriptions; there are no unrelated binaries, env vars, or config paths requested.
- Instruction Scope
- okSKILL.md limits actions to asking clarifying questions and generating SEO-optimized copy. It does not instruct the agent to read system files, environment variables, or contact external endpoints. The prompts and outputs are narrowly scoped to product-copy tasks.
- Install Mechanism
- okNo install specification is provided (instruction-only skill with local scripts). All code is included in the bundle; there are no downloads, remote installers, or extracted archives referenced.
- Credentials
- okThe skill requires no environment variables, credentials, or config paths. That matches its purpose of text generation and local linting.
- Persistence & Privilege
- okFlags: always=false and autonomous invocation is allowed (disable-model-invocation=false), which is the platform default. The skill does not request persistent system-wide changes or access to other skills' configuration.