Skillv1.0.0

ClawScan security

Pricing Psychology · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignFeb 12, 2026, 8:23 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This is an instruction-only pricing-advice skill whose requirements and instructions are coherent with its stated purpose (pricing psychology); it requests no credentials, installs, or unusual system access.
Guidance: This skill appears coherent and low-risk, but consider these practical points before installing: (1) Outputs are written to workspace/artifacts/ — review that directory for any sensitive customer or business data the agent might include in generated artifacts. (2) The advice uses persuasive tactics (anchoring, scarcity, decoys); ensure you apply them ethically and comply with pricing regulations in your domain. (3) If you do not want the agent to call this skill autonomously, disable autonomous invocation in agent settings. (4) Because the package has no install or code, review the SKILL.md content for any company-specific placeholders (e.g., internal product names) and adjust or remove them if needed.

Purpose & Capability: okThe SKILL.md content is consistent with a 'pricing psychology' advisory skill: it provides frameworks, principles, and examples for setting prices. There are no unexpected environment variables, binaries, or installs required. Note: the package metadata lacks a short description, but the SKILL.md itself documents the intended purpose.
Instruction Scope: okRuntime instructions are prose guidance and examples; they do not instruct the agent to read arbitrary system files, access credentials, or call external endpoints. The only operational instruction is that outputs should be written to workspace/artifacts/, which is a local workspace path — expected for an instruction-only authoring skill.
Install Mechanism: okNo install spec or code files are present (instruction-only). No downloads or third-party packages will be installed, which minimizes supply-chain risk.
Credentials: okThe skill requires no environment variables, credentials, or config paths. Nothing requested is disproportionate to a pricing-advice function.
Persistence & Privilege: noteThe skill is not always-enabled and is user-invocable (normal). Model invocation is enabled (agent may call the skill autonomously), which is the platform default — not a red flag by itself, but you should be aware the agent could call it without manual prompting if your agent is configured to allow autonomous skills.