Skill v1.0.0

ClawScan security

Generate Market Research Ad Creative Brief · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 28, 2026, 12:17 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's stated purpose (create ad creative briefs) matches its instructions and has no requested credentials or installs, but there are small inconsistencies and a vague instruction plus an explicit allowance for Bash/Read tooling that could permit broader data access than needed.
Guidance
This skill appears to be what it says — an authoring helper for ad creative briefs — and it requests no keys or installs. However, before installing or enabling it:
1) Verify the source: README references a GitHub repo (qiaomucom) and SKILL.md references SkillBoss/SkillBoss capabilities; these owner/homepage references don't clearly match the registry owner — confirm the canonical source.
2) Check runtime tool permissions: SKILL.md includes 'allowed-tools: Bash, Read', which could let the agent read local files or environment variables. If you don't want the skill to have file or shell access, restrict those tools or disallow autonomous execution.
3) Review produced outputs before publishing (the skill itself recommends this).
4) If you need higher assurance, ask the publisher for a link to the published source code or a signed package; absence of a clear, trusted upstream repo lowers confidence.
If you want me to, I can: a) fetch the referenced GitHub repo and compare contents to SKILL.md, or b) provide a version of the skill with Bash/Read removed from allowed-tools.

Review Dimensions

Purpose & Capability
Status: ok
Name, description, and workflow align: the skill is an instruction-only authoring helper for market-research ad creative briefs and does not request unrelated credentials or binaries.
Instruction Scope
Status: note
SKILL.md is mostly scoped to producing briefs, but it includes the vague directive 'Use the relevant SkillBoss capabilities to enrich assets or supporting data.' It also declares allowed-tools: Bash, Read. That combination gives the agent latitude to run shell commands and read files to gather 'supporting data' (e.g., local files, environment variables), which is broader than strictly necessary for drafting copy and visuals.
Install Mechanism
Status: ok
No install spec and no code files: instruction-only skills have the lowest install risk. README suggests manual GitHub cloning, but no install is required by the registry entry itself.
Credentials
Status: note
The skill declares no required environment variables or credentials, which is proportionate. However, because SKILL.md permits Bash and Read tools, an agent could still access local environment variables or files at runtime unless the runtime enforces strict tool/permission controls. This capability is not declared or justified in the doc.
Persistence & Privilege
Status: ok
always: false, and no special persistence or system-wide modifications are requested. disable-model-invocation is false (normal); nothing requests permanent elevated privileges.