Skill v1.0.0
ClawScan security
Generate Product Hunt Launch Assets · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious (Apr 28, 2026, 1:19 PM)
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is mostly instruction-only and aligns with generating Product Hunt assets, but there are provenance and tooling inconsistencies (unnecessary Bash permission, mismatched README/install hints) that warrant caution before installing or allowing autonomous use.
- Guidance: This skill appears to do what it says (generate Product Hunt launch materials) and is low‑risk in that it requests no credentials and has no install step, but there are two small red flags you should address before enabling it: 1) provenance mismatch — the README references a different install slug and GitHub owner than the registry metadata and SKILL.md homepage; confirm the authoritative source/repo and publisher identity, and prefer a skill with a known repository or verified publisher; 2) tooling scope — the skill declares allowed-tools: Bash and a vague instruction to 'use SkillBoss capabilities', which could let the agent run shell commands or call external services; if you enable autonomous invocation, restrict the skill's runtime permissions or test it in a sandbox first. If you need higher assurance, ask the publisher for the source repo or a signed release and for the author to remove unnecessary Bash/shell permissions.
Review Dimensions
- Purpose & Capability (note): The name, description, and SKILL.md all describe generating Product Hunt launch assets and assets-for-SaaS — that purpose matches the instructions (drafting copy, images, refining). However, the skill references external 'SkillBoss' capabilities and declares allowed-tools: Bash, which is not obviously required for text/image generation and is disproportionate to the stated goal.
- Instruction Scope (note): The SKILL.md instructions are narrowly focused (clarify audience, draft, enrich, refine) and do not request secrets or local files. They are somewhat vague about 'Use the relevant SkillBoss capabilities to enrich assets', which grants the agent broad discretion to call other services or tools; given the allowed-tools list includes Bash, that discretion could enable arbitrary shell actions unless constrained by platform policy.
- Install Mechanism (ok): This is an instruction-only skill with no install spec and no code files, so nothing is written to disk at install time — lowest risk from install mechanism.
- Credentials (note): The skill requests no environment variables or credentials, which is appropriate for its purpose. However, README and SKILL.md provenance hints are inconsistent: README shows a different ClawHub install slug and a GitHub repo under a different owner (qiaomucom) while registry metadata lists a different owner/slug and no homepage — this mismatch weakens provenance and should be resolved before trust.
- Persistence & Privilege (ok): always: false (default) and autonomous invocation allowed (platform default). That is normal. No persistent or system-wide configuration changes are requested. Note: the declared allowed-tools (Bash) increases runtime capability but does not itself change persistence settings.
