Generate Mortgage Broker Team Client Education Handout
PassAudited by VirusTotal on May 1, 2026.
Overview
Type: OpenClaw Skill Name: toby-generate-mortgage-broker-team-client-education-handout Version: 1.0.0 The skill bundle is a standard template designed to generate educational handouts for mortgage brokers. While it requests 'Bash' and 'Read' permissions in SKILL.md, which are high-privilege tools, there is no evidence of malicious code, data exfiltration, or harmful prompt injection. The workflow and instructions are consistent with the stated purpose of content generation.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked, the agent could potentially read local files or run shell commands even though that is not necessary to draft a mortgage handout.
The declared tools allow local command execution and local file reads, but the stated workflow is only to create a client education handout using chat/image generation, with no scoping or approval guidance for those local tools.
allowed-tools: Bash, Read
Remove Bash and Read from the skill unless there is a specific, documented, user-approved need; prefer only chat/image-generation capabilities for this skill.
A user following the README could end up installing content from a different package or repository than the one being reviewed here.
The README points users to a qiaomu package/GitHub repository, while the reviewed registry metadata identifies a toby-prefixed slug; this could cause users to install or inspect a different source than the reviewed artifact.
clawhub install qiaomu-generate-mortgage-broker-team-client-education-handout ... git clone https://github.com/qiaomucom/generate-mortgage-broker-team-client-education-handout.git
Verify the intended ClawHub slug and repository before installing, and update the README so the install commands match the published registry package.