Generate Roofing Contractor Client Education Handout

Review

Audited by ClawScan on May 10, 2026.

Overview

This looks like a simple roofing handout generator, but it asks for unnecessary shell access and has inconsistent installation/source references.

Before installing, confirm the exact trusted ClawHub package and GitHub repository, and consider denying or removing Bash access. Use the skill only with materials you intentionally provide, and review the generated handout before publishing or sending it to clients.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent invoking this skill could have local command execution available even though the task should only require drafting text, generating visuals, and possibly reading user-provided materials.

Why it was flagged

The skill is described as a handout-writing task, but raw Bash access is a broad local command capability and the workflow gives no need, scope, or approval conditions for using it.

Skill content

allowed-tools: Bash, Read

Recommendation

Remove Bash from the allowed tools, or document a narrow, user-approved command set. Limit file reading to files the user explicitly selects for the handout.

What this means

A user following the README could install a different source than the one represented by the registry entry or package metadata.

Why it was flagged

The reviewed artifacts reference different package slugs and GitHub owners, so the installation path may not clearly match the reviewed skill.

Skill content

Registry slug: `toby-generate-roofing-contractor-client-education-handout`; README: `clawhub install qiaomu-generate-roofing-contractor-client-education-handout`, `git clone https://github.com/qiaomucom/...`; package.json: `https://github.com/TobeyRebecca/...`

Recommendation

Verify the canonical ClawHub slug and GitHub repository before installing. The publisher should align the README, package.json repository, and registry metadata.