Skillv1.0.0

ClawScan security

app store optimization · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 12, 2026, 1:35 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is an instruction-only ASO specialist that is internally consistent with its description and does not request extra credentials, installs, or system access.
Guidance: This skill appears coherent and safe as an instruction-only ASO advisor. Before using it: (1) don't paste sensitive credentials (App Store Connect, Play Console, or third-party ASO API keys) in chat — if you must connect tools, prefer limited API keys and explicit integration channels; (2) expect the skill to ask for app metrics, example screenshots, or current metadata — share only what you're comfortable disclosing; (3) treat outputs as expert recommendations that you should validate with your ASO tooling and analytics (keyword volumes, ranking data) before making store changes; (4) note the skill enforces a mandatory confirmation checkpoint before producing full reports — this prevents unsolicited long exports. If you need the skill to fetch live ranking or download data, that will require external tool credentials or exports, which is outside the skill's current declared scope.

Purpose & Capability: okThe name/description (App Store Optimization) matches the runtime instructions and included references (keyword research, metadata, visuals, competitive analysis, full strategy). All reference files are relevant to ASO and the deliverables described. There are no unrelated requirements (no cloud creds, no unrelated binaries).
Instruction Scope: okSKILL.md prescribes an interactive, two-step workflow (extract context, present diagnosis and ask for confirmation) and only loads local reference files on demand. It does not instruct reading system files, environment variables, or sending data to external endpoints. It will ask users for app-specific data (metrics, assets) which is appropriate for the stated purpose.
Install Mechanism: okNo install spec and no code files beyond local reference docs — the skill is instruction-only, so nothing is written to disk or downloaded during install.
Credentials: okThe skill declares no environment variables, credentials, or config-path access. References mention third-party ASO tools (AppTweak, Sensor Tower, etc.) as optional data sources, but the skill does not require those credentials.
Persistence & Privilege: okFlags show default behavior (always:false, agent-invocable), so it does not force persistent inclusion. The skill does not request to modify other skills or system-wide settings.