Back to skill
Skillv1.0.0
ClawScan security
Generate Recruiting Ad Creative Brief · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 28, 2026, 2:25 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requirements and instructions are coherent with its stated purpose (creating recruiting ad creative briefs); it is instruction-only, requests no secrets, and has no install steps or code to run.
- Guidance
- This skill appears coherent and low-risk: it only contains instructions for drafting recruiting ad briefs and asks for no secrets or installations. Before installing, you may want to: 1) verify the skill's source/owner (registry metadata and README references use different slugs/names, which is likely a documentation inconsistency), 2) confirm you are comfortable with the agent using platform chat/image generation capabilities, and 3) keep human review in your workflow to check for biased or legally sensitive content. If you later see an install script or code files added, review those for network endpoints or requests for credentials before enabling the skill.
Review Dimensions
- Purpose & Capability
- okName/description match the content of SKILL.md. Declared capabilities (chat, image_generation) align with producing creative briefs and visuals. No unrelated credentials, binaries, or config paths are requested.
- Instruction Scope
- noteSKILL.md provides a constrained workflow for drafting ad briefs and explicitly suggests human review for bias. It references using platform capabilities (chat, image_generation) and 'relevant SkillBoss capabilities' to enrich assets — this is vague but plausibly within scope. Allowed-tools lists Bash, but the instructions contain no shell commands or file reads, so runtime scope appears limited.
- Install Mechanism
- okThis is an instruction-only skill with no install spec and no code files — nothing is downloaded or written to disk by the skill itself. README includes example manual install commands for a GitHub repo, but those are optional documentation and not part of an automated install spec.
- Credentials
- okThe skill declares no required environment variables, no primary credential, and no config paths. That is proportionate for a content-generation skill.
- Persistence & Privilege
- okDefaults are used (always: false, agent may invoke autonomously). No requests for permanent presence or modification of other skills/configs. Autonomous invocation is platform default and not a red flag here.