Skill v1.0.0

ClawScan security

SaaS Idea Validator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Apr 8, 2026, 3:29 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This is an instruction-only idea‑validation skill whose requested capabilities, lack of required credentials, and runtime instructions are consistent with its stated purpose.
Guidance
This skill appears internally consistent and low-risk: it is instruction-only and asks the agent to perform public web research and produce templates/reports. Before installing: (1) confirm your agent has appropriate web/browsing permissions if you expect live Reddit/forum evidence; (2) don't provide any private credentials or proprietary docs to the skill, as it doesn't need them; (3) expect that referenced local reference files are missing from the package — outputs may rely on the model's web access rather than packaged reference content; (4) verify any cited sources in the generated report before acting on them (models can hallucinate plausible-sounding but incorrect citations). If you need offline or reproducible validation, request that the skill include or reference concrete source links and data files.

Review Dimensions

Purpose & Capability
note
Name/description (SaaS idea validation using Reddit/forum research, competitor analysis, and financial modeling) align with the instructions. The skill requests no binaries or credentials, which is proportionate. Minor inconsistency: the reference files named in SKILL.md/README (references/validation-checklist.md, references/pricing-models.md) are listed but not present in the package.
Instruction Scope
ok
Runtime instructions are templates and deliverables for market research, competitor mapping, pricing, MVP scope and a financial model. They ask the agent to gather evidence from public sources (Reddit, forums, reviews) but do not direct the agent to read local system files, secrets, or unrelated config paths.
Install Mechanism
ok
No install spec and no code files — instruction-only. This minimizes on-disk execution risk (lowest-risk install profile).
Credentials
ok
The skill requires no environment variables, credentials, or config paths. Nothing requests broad or unrelated secrets; this is proportionate to a market-research/consulting-style skill.
Persistence & Privilege
ok
always is false and the skill does not request persistent elevated privileges or to modify other skills. Autonomous model invocation is allowed (platform default) but not combined with other red flags.