Skill v1.0.0

ClawScan security

Idea Spark · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 5, 2026, 3:52 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is an instruction-only idea generator that uses web search and an optional local validation command; its requests and instructions line up with its stated purpose and it does not ask for credentials or install code.
Guidance
This skill is internally coherent: it will perform web searches to find pain points and optionally call a local/external validation tool if present. Before installing, be aware that: (1) web_search queries will send search terms (the user's domain) to the internet; (2) if you have 'mcporter' and the 'idea-reality' MCP server installed, the skill may invoke them and send idea text for validation — review that server's privacy/trustworthiness if concerned. If you do not want external validation, do not install or enable the 'idea-check'/'mcporter' components; the core idea generation works without them.

Review Dimensions

Purpose & Capability
ok: Name/description match the runtime instructions: the skill performs web searches on Hacker News, Reddit, and GitHub to synthesize project ideas. It does not request unrelated credentials, binaries, or config paths.
Instruction Scope
note: Instructions are narrowly scoped to running web_search queries and summarizing results. One optional step uses exec to call 'mcporter call idea-reality.idea_check' for validation if that tool/server is available; this will send idea text to that external validation service when present. The skill does not instruct reading local files or environment variables.
Install Mechanism
ok: No install spec and no code files; instruction-only, so nothing is written to disk or downloaded by the skill itself.
Credentials
ok: No environment variables, credentials, or config paths are requested. The optional validation step depends on an external MCP tool if the user has it installed; that is proportional to the advertised 'validation' feature.
Persistence & Privilege
ok: 'always' is false and the skill is user-invocable; it does not request permanent presence or elevated privileges and does not modify other skills or system settings.