Back to skill
Skillv1.0.0
ClawScan security
Market Analysis Cn Hardened · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 29, 2026, 1:41 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only market-analysis offering whose files, instructions, and declared requirements are internally consistent and do not request extraneous credentials, installs, or privileges.
- Guidance
- This skill appears coherent and low-risk because it is instruction-only and requests no credentials or installs. Before using it: (1) confirm any paid tier and payment method explicitly (the skill's own guardrails require this); (2) do not paste sensitive or proprietary data into requests without an NDA; (3) treat any numerical market claims as estimates unless the skill cites named credible sources; and (4) if you need deeper technical integration or architecture details, require formal contracting and NDAs as the skill states it will not disclose internal implementation details directly.
Review Dimensions
- Purpose & Capability
- okThe name and description (market/competitor/user analysis with paid tiers) match the SKILL.md content and pricing table. There are no unrelated required binaries, env vars, or config paths listed that would be out of scope for a market-analysis service.
- Instruction Scope
- okSKILL.md contains service descriptions, pricing, and a simple POST /analyze example. It does not instruct the agent to read local files, access other services or credentials, or exfiltrate data. The included safety/guardrail text appropriately limits behaviors (payment confirmation, not fabricating data, not revealing internal architecture).
- Install Mechanism
- okNo install spec and no code files that would be executed. The package.json is informational only. As an instruction-only skill, there is minimal installation risk.
- Credentials
- okThe skill declares no required environment variables, no primary credential, and no config paths. That is proportionate to an instruction-only consulting/analysis skill.
- Persistence & Privilege
- okalways is false and model-invocation is not disabled (the platform default). The skill does not request persistent system presence or modification of other skills/config; no elevated privileges are requested.