Skill v1.0.1
ClawScan security
Competitive Intel Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 18, 2026, 1:17 AM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requested capabilities, runtime instructions, and lack of installs or credentials are internally consistent with a competitive-intelligence/reporting assistant.
- Guidance: This skill is internally coherent and low-risk as an instruction-only competitive-intel helper. Before installing, consider: (1) whether you want the agent to scrape sites that may be paywalled or require login — you may need to supply API keys or disallow scraping of authenticated services; (2) compliance with site Terms of Service and robots.txt for large-scale scraping; (3) guardrails for handling personal data (don’t harvest contact details or PII unless you have a lawful reason); and (4) review autonomous runs or grant explicit invocation only if you want to avoid unchecked scraping. If you plan to use paid sources (Crunchbase, LinkedIn APIs), prefer adding explicit, limited credentials and rate limits rather than relying on unauthenticated scraping.
Review Dimensions
- Purpose & Capability (ok): Name/description match the SKILL.md tasks (competitor profiles, pricing benchmarks, SWOTs, job/posting signals, press monitoring). The skill does not request unrelated binaries, credentials, or config paths.
- Instruction Scope (note): Instructions implicitly require crawling/searching public websites (company sites, job boards, news sites, LinkedIn/Greenhouse) and synthesizing results — that's coherent for this purpose. The SKILL.md does not instruct reading local files or environment secrets. It is somewhat vague about handling paywalled or authenticated sources (e.g., LinkedIn/Crunchbase), so an operator may need to decide whether to use public endpoints or paid APIs and how to handle scraping limits/ToS.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files; nothing is written to disk or pulled from external archives. This is the lowest-risk install posture.
- Credentials (ok): No environment variables, credentials, or config paths are required. This matches the skill's public-data focus. Note: practical use may require optional API keys for paid news/databases; the SKILL.md does not request or presuppose such keys.
- Persistence & Privilege (ok): always:false and normal agent-invocable/autonomous invocation defaults are used. The skill does not request permanent system-wide privileges or modify other skills' configs.
