Skill v1.0.0
ClawScan security
Generate Finance Ad Creative Brief · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 28, 2026, 11:15 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is an instruction-only helper for creating finance ad creative briefs and its declared requirements are proportionate to that purpose, but there are small provenance and vagueness issues to check before installing.
- Guidance: This appears to be a straightforward, instruction-only skill for drafting finance ad briefs. Before installing or enabling it: (1) verify the provenance — the README points to a different GitHub/ClawHub name than the registry metadata (could be a typo or fork); (2) confirm what SkillBoss capabilities the skill will call when it asks you to “enrich assets” (these could access other data or external services); (3) be aware that allowed-tools includes Bash — although the SKILL.md is high-level, allowing shell execution increases what the agent could do if combined with vaguer runtime instructions; and (4) always review generated creative and any automated outputs before publishing. If you want higher assurance, ask the publisher to clarify the repo/owner mismatch and to provide a minimal, explicit list of SkillBoss capabilities the skill will invoke.
Review Dimensions
- Purpose & Capability (note): The name/description (generate finance ad creative briefs) matches the SKILL.md content: high-level workflow, SEO keywords, and use of chat + image_generation APIs. No unrelated binaries, env vars, or config paths are requested. Minor inconsistency: README references a GitHub repo and a ClawHub package name (qiaomu-generate-finance-ad-creative-brief) that do not match the registry metadata (owner/slug: toby-...). This could be a benign packaging/documentation error but is worth verifying.
- Instruction Scope (note): SKILL.md is high-level and stays within ad-creative brief generation. It does not instruct reading system files, environment variables, or transmitting data to unexpected endpoints. It does include vague guidance to “Use the relevant SkillBoss capabilities to enrich assets or supporting data,” which grants broad discretion to the agent at runtime — verify what SkillBoss capabilities will be invoked and what data they access. Allowed-tools lists Bash and Read; the doc itself does not contain shell commands, but allowing Bash in runtime increases what the agent could run if combined with vague instructions.
- Install Mechanism (ok): No install spec and no code files — instruction-only skills are low-risk since nothing is written to disk by the skill itself. README includes manual install commands referencing a GitHub repo; those are optional user steps and not part of an automated install spec.
- Credentials (ok): The skill declares no required environment variables, credentials, or config paths. Using image_generation and chat APIs is expected for the described purpose; platform-managed credentials would apply but the skill itself is not requesting secrets.
- Persistence & Privilege (ok): always is false, user-invocable is true, and autonomous invocation is allowed (platform default). Nothing in the skill requests persistent system-wide changes or modifies other skills' configuration.
