Back to skill
Skillv1.0.0
ClawScan security
Lead Magnets · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 12, 2026, 8:23 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only lead-magnet design framework whose declared requirements, instructions, and scope are coherent with its stated purpose; it requests no credentials or installs and doesn't appear to perform unexpected actions.
- Guidance
- This skill appears coherent and low-risk, but before installing consider: 1) confirm the agent's workspace/artifacts/ location is acceptable — avoid leaking sensitive files into generated artifacts; 2) review any real testimonials, numbers, or case studies you publish for accuracy and privacy/compliance (GDPR/consent for captured emails); 3) if you wire the lead magnet into an email or CRM, those integrations will need separate credentials — the skill does not request them itself; and 4) preview generated opt-in copy to ensure it doesn't request excessive personal data. If you need provenance, ask the publisher for a homepage or source repo.
Review Dimensions
- Purpose & Capability
- okThe SKILL.md content is a detailed lead-magnet design framework that matches the skill name. There are no unrelated environment variables, binaries, or install steps requested. Note: registry metadata lacks a short description or homepage, but the included SKILL.md itself defines the purpose clearly.
- Instruction Scope
- okInstructions are confined to marketing/funnel design guidance and examples. The only operational directive is that outputs go to workspace/artifacts/, which is consistent with producing artifacts. The instructions do not request reading system files, credentials, or contacting unexpected external endpoints.
- Install Mechanism
- okNo install specification and no code files are present (instruction-only). This minimizes disk writes and execution of third-party code — appropriate for a documentation/guide skill.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. That is proportionate for a guidance-only skill that only produces marketing artifacts.
- Persistence & Privilege
- okalways:false (default) and model invocation is allowed (default). This is normal for skills. The skill does not request persistent presence or modify other skills/configs.