Back to skill
Skillv1.0.2
ClawScan security
App Store Deployment Guide · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 26, 2026, 1:23 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only guide for App Store deployment that is internally consistent with its stated purpose and requests no unusual system access or credentials.
- Guidance
- This skill is a text guide and appears coherent and low-risk. Before you rely on it: (1) remember the SKILL.md is informational only—do not paste real Apple or customer credentials into third-party forms; (2) the premium content is sold via an external Gumroad link—treat payment/identity decisions as you would on any external marketplace and verify the seller if concerned; (3) verify time-sensitive claims (Apple rules change frequently) against Apple's official docs; and (4) if the guide asks for demo/test accounts in your app review process, create limited-scope test accounts and never share production credentials.
Review Dimensions
- Purpose & Capability
- okThe name and description describe an App Store deployment guide and the SKILL.md content matches that purpose. The skill requests no binaries, environment variables, or config paths, which is appropriate for a documentation/guide skill. The only external action is a link to a paid 'Premium' edition hosted on Gumroad, which is consistent with a freemium guide.
- Instruction Scope
- okSKILL.md provides step-by-step guidance and does not instruct the agent to read local files, access environment variables, run shell commands, or transmit user data to unknown endpoints. It contains checklist items and advice (e.g., demo account required) but does not direct the agent to collect or exfiltrate sensitive information.
- Install Mechanism
- okNo install specification or code files are present. This is the lowest-risk model: nothing is downloaded or written to disk by the skill itself.
- Credentials
- okThe skill declares no required credentials or config paths. That is proportional for a textual guide; nothing in the instructions attempts to access secrets or unrelated services.
- Persistence & Privilege
- okThe skill is not marked always:true and does not request elevated or persistent privileges. It doesn't attempt to modify other skills or system settings.