Back to skill
Skillv1.0.0
ClawScan security
Generate Estate Planning Law Firm Client Education Handout · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 28, 2026, 11:14 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only helper for producing estate-planning client handouts and its declared requirements and actions are consistent with that purpose.
- Guidance
- This skill appears coherent for producing estate-planning handouts: it asks for no secrets and has no install script. Before installing or cloning any external repo mentioned in the README, verify the repository owner and contents (the README refers to a different slug/owner than the registry metadata). Note the SKILL.md allows tools like Bash/Read even though they aren't needed — if you enable agent autonomy, consider restricting or reviewing any runtime commands the agent may run. Always perform human legal review of the generated materials before sharing with clients.
Review Dimensions
- Purpose & Capability
- noteThe name/description match the SKILL.md instructions: drafting a handout with visuals and FAQs. No unrelated credentials, binaries, or system access are requested. Minor inconsistency: README install instructions reference a different slug/GitHub owner (qiaomu...) than the registry metadata (toby... / owner kn75...), which could indicate stale or mismatched metadata to verify before trusting an external repo.
- Instruction Scope
- noteSKILL.md only instructs the agent to clarify audience, draft content, and enrich assets via SkillBoss capabilities; it explicitly warns to get human review and not to treat output as legal advice. It is somewhat vague about 'use the relevant SkillBoss capabilities' and lists allowed-tools (Bash, Read) even though the steps don't require shell access; this gives the agent broader discretion than strictly necessary and is worth noting.
- Install Mechanism
- okThere is no install spec and no code files, so nothing will be written to disk by default. The README shows optional manual install via a GitHub clone — if you follow that route, verify the repository and its contents before running any code.
- Credentials
- okThe skill requires no environment variables, credentials, or config paths. This is proportional to its stated purpose of generating handouts.
- Persistence & Privilege
- okalways is false and the skill does not request elevated or persistent privileges. Autonomous invocation (disable-model-invocation: false) is the platform default and not itself a red flag here.