Back to skill
Skillv1.0.0
ClawScan security
Competitor Analysis Report · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 13, 2026, 12:35 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is internally coherent: its instructions, required tools, and outputs align with a competitive analysis use case and it does not request unrelated credentials or install code.
- Guidance
- This skill appears to do what it claims: web-research public information and write reports. Before installing, confirm you are comfortable allowing the agent to perform web searches/fetches and to create files in output/competitor-analysis/. Do not pass proprietary or sensitive documents or credentials as arguments (e.g., avoid feeding internal spreadsheets or secrets) because the skill is allowed to read local inputs like brief.txt and has filesystem and shell-related tools available. If you plan to enable autonomous invocation, consider restricting the agent's tool permissions (e.g., disallow arbitrary shell execution) and review generated outputs for accuracy and sensitive data before sharing externally.
Review Dimensions
- Purpose & Capability
- okName/description match the instructions: the skill performs web research, compares features/pricing, generates SWOT and recommendations, and writes report files. The declared (empty) env and credential requirements are consistent with a public-web research task.
- Instruction Scope
- okSKILL.md confines actions to publicly available information and specifies the expected report structure and output files. It accepts a local brief.txt as input (reasonable for this task) but does not instruct reading system secrets or unrelated config files.
- Install Mechanism
- okNo install spec and no code files — instruction-only — so nothing is downloaded or installed. This minimizes disk-write and supply-chain risk.
- Credentials
- okNo environment variables, credentials, or config paths are requested. The skill uses only web search/fetch and filesystem I/O to save reports, which is proportionate to the stated purpose.
- Persistence & Privilege
- okalways:false and normal invocation settings. The skill writes output into a dedicated output/competitor-analysis/ path as described; it does not request persistent platform-wide privileges or modify other skills.