Skill v1.0.0
ClawScan security
Generate Real Estate Ad Creative Brief · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 28, 2026, 2:25 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions match its advertised purpose (creating real-estate ad briefs) but there are small inconsistencies (mismatched repo/owner/homepage metadata and unnecessary tool permissions) that warrant caution before installing.
- Guidance: This skill appears to do what it claims (generate real-estate ad creative briefs) and has no requested credentials, but there are small red flags you should check before installing:
  - Verify the source: the registry metadata (owner/slug) does not match the README's GitHub repo/ClawHub name and the SKILL.md references a SkillBoss homepage. Confirm which repository or publisher is the real source. Installing code from an unexpected repo increases risk.
  - Confirm tool permissions: the skill lists Bash and Read as allowed tools even though the instructions don't need them. If your agent grants file or shell access to skills, consider removing or restricting those permissions unless needed.
  - Clarify 'SkillBoss capabilities': ask what external capabilities or endpoints the skill will call to 'enrich assets' so you can judge whether data will leave your environment.
  - Review outputs before publishing: the SKILL.md itself advises review, which is good practice. Do not let the skill auto-publish or auto-run external actions without explicit confirmation.
  If you cannot verify the true source or the intended external capabilities, avoid installing or running the skill with elevated permissions. If you can confirm the origin and remove unnecessary tool permissions, the risk is low.
Review Dimensions
- Purpose & Capability (note): The skill's name, description, and SKILL.md all focus on creating real-estate ad creative briefs and reference the chat and image_generation APIs; this is coherent with the stated purpose. Minor oddity: allowed-tools lists Bash and Read even though the instructions do not require shell or file access.
- Instruction Scope (note): SKILL.md is instruction-only and stays within ad-creative planning; it does not instruct the agent to read local files or call external endpoints directly. However, it contains a vague line, 'Use the relevant SkillBoss capabilities to enrich assets or supporting data,' which grants wide discretion to call platform capabilities and could be used to fetch external data if the agent is allowed to. Consider clarifying what external capabilities are expected.
- Install Mechanism (ok): There is no install spec (instruction-only), so nothing will be written or executed on install by default. README suggests an optional manual git clone from a GitHub repo (a known host), which is normal, but the clone target (github.com/qiaomucom/...) and the ClawHub install name differ from the registry's owner/slug; this is likely a copy/paste or packaging inconsistency.
- Credentials (ok): The skill requests no environment variables, credentials, or config paths, which is appropriate for an instruction-only content generator. No secrets appear required.
- Persistence & Privilege (ok): The skill does not request `always: true` or other elevated persistence. It remains user-invocable and uses normal autonomous invocation defaults.
