Skill v1.0.0
ClawScan security
Generate Estate Planning Law Firm Client Education Handout · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 28, 2026, 9:22 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only helper for producing estate-planning client handouts and its requirements and instructions are consistent with that purpose.
- Guidance: This skill appears coherent and low-risk, but take these precautions before enabling it: 1) Do not supply real client PII or confidential documents until you confirm how the agent will use or store outputs. 2) Verify what "relevant SkillBoss capabilities" will be called — if those capabilities fetch external data or other skills, confirm they are trusted. 3) If you do not want the agent to read local files or run shell commands, restrict or disable the Bash/Read tools in the runtime. 4) Always have a human reviewer (preferably legal counsel) verify the output — the skill itself warns it is not a substitute for legal advice. 5) If you are concerned about autonomous invocation, consider disabling autonomous runs or reviewing invocation logs. Overall this skill is consistent with its stated purpose, but avoid exposing client-sensitive data without explicit controls.
Review Dimensions
- Purpose & Capability (ok): Name, description, and declared APIs (chat, image_generation) align with creating a visual handout; there are no unexpected environment variables, binaries, or installs requested.
- Instruction Scope (note): Runtime instructions are generally scoped to drafting and refining handouts, but they include a vague step: "Use the relevant SkillBoss capabilities to enrich assets or supporting data." That phrasing grants the agent broad discretion to call other capabilities. The skill metadata also lists allowed-tools: Bash and Read, which could enable file or shell access if the runtime actually exposes those tools. The SKILL.md itself does not explicitly instruct reading local files or exfiltrating data, but the vagueness could lead to scope creep if the agent auto-invokes other capabilities.
- Install Mechanism (ok): No install spec and no code files — the skill is instruction-only so nothing is downloaded or written to disk by the skill itself.
- Credentials (ok): No environment variables, credentials, or config paths are requested; this is proportionate for a content-generation handout skill.
- Persistence & Privilege (ok): always:false and default invocation settings are used. The skill does not request permanent presence or special privileges and does not modify other skills or system configuration.
