Generate Roofing Contractor Client Education Handout
AdvisoryAudited by Static analysis on May 2, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent invoking this skill could have local command execution available even though the task should only require drafting text, generating visuals, and possibly reading user-provided materials.
The skill is described as a handout-writing task, but raw Bash access is a broad local command capability and the workflow gives no need, scope, or approval conditions for using it.
allowed-tools: Bash, Read
Remove Bash from the allowed tools, or document a narrow, user-approved command set. Limit file reading to files the user explicitly selects for the handout.
A user following the README could install a different source than the one represented by the registry entry or package metadata.
The reviewed artifacts reference different package slugs and GitHub owners, so the installation path may not clearly match the reviewed skill.
Registry slug: `toby-generate-roofing-contractor-client-education-handout`; README: `clawhub install qiaomu-generate-roofing-contractor-client-education-handout`, `git clone https://github.com/qiaomucom/...`; package.json: `https://github.com/TobeyRebecca/...`
Verify the canonical ClawHub slug and GitHub repository before installing. The publisher should align the README, package.json repository, and registry metadata.