Skill v1.0.0

ClawScan security

Generate Legal Services Ad Creative Brief · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 28, 2026, 12:16 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions are coherent with creating ad creative briefs and request no credentials, but small inconsistencies (notably README install instructions that reference a different repo/author and an unnecessary 'Bash' allowance) make the package worth closer review before installation.
Guidance
This skill appears to do what it says (generate ad creative briefs) and declares no secrets, which is good. Before installing or running it: 1) Be cautious about the README’s manual install commands — they point to a GitHub repo and install slug (qiaomu...) that don't match the registry owner metadata; if you plan to git-clone or run anything from that URL, inspect the repository contents first. 2) Consider whether you want the agent to have 'Bash' permission — SKILL.md doesn't need shell access, so you can restrict allowed tools to reduce risk. 3) Because the skill can be invoked autonomously by default, only enable it if you trust the source; otherwise disable autonomous invocation or require explicit user invocation. 4) If you will present outputs to clients, follow the skill’s own advice: perform human review and do not treat outputs as legal advice. If you want, provide the registry owner or upstream repository URL so the inconsistencies can be reconciled and the confidence increased.

Review Dimensions

Purpose & Capability
note · Name/description match the SKILL.md instructions: produce ad creative briefs and optionally call chat and image_generation. However, the README installation text references a different install slug/user (qiaomu-generate-...) and a GitHub repo (qiaomucom) that does not match the registry owner metadata, which is inconsistent and suggests the package text may have been copied without being updated.
Instruction Scope
note · SKILL.md is an instruction-only brief: it describes clarifying audience/goal, producing drafts, and using SkillBoss capabilities. It does not instruct reading local files or sending data to external endpoints. The file does list allowed-tools: Bash and Read — but the actual instructions do not require shell access or file reads, so the Bash allowance is broader than necessary.
Install Mechanism
concern · There is no install spec in the registry (lowest-risk). But the README includes manual install commands that clone a GitHub repo (https://github.com/qiaomucom/...) and a clawhub install line with a different slug. If a user follows those README instructions, they would fetch and run third-party code not present in the package manifest. That mismatch is a tangible risk and should be validated before following external install steps.
Credentials
ok · The skill requests no environment variables, no credentials, and no config paths — proportionate for a text/image brief generator. There are no hidden or undeclared env var uses in SKILL.md.
Persistence & Privilege
ok · The skill does not request always:true and is user-invocable. Autonomous invocation is allowed by default (disable-model-invocation:false), which is expected; nothing in the package attempts to modify other skills or persist elevated privileges.