Generate SaaS Growth Ad Creative Brief
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is mostly a marketing-brief prompt, but it grants broad local tools and has inconsistent install-source identities, so it should be reviewed before installation.
Only install after verifying the intended source repository and ClawHub slug. If you use it, consider removing Bash access, limit any file reads to files you explicitly provide for the campaign, and review generated ad materials before publishing.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked, the agent could run local commands or read files even though the task should mostly be text and image-planning work.
The skill's stated job is creating an ad creative brief, but it grants shell execution and broad local file-reading capability without instructions that limit when or why those tools should be used.
allowed-tools: Bash, Read ... Plan campaign visuals and hooks for saas growth promotions.
Remove Bash unless it is truly required, restrict Read to user-selected campaign assets, and require explicit user approval before any command execution or file access.
A user following the README could install a different repository or package than the reviewed artifact.
The registry identity, README install command, manual GitHub clone URL, and package repository point to different owners or slugs, so the install source is ambiguous.
Registry slug: toby-generate-saas-growth-ad-creative-brief; README: clawhub install qiaomu-generate-saas-growth-ad-creative-brief / git clone https://github.com/qiaomucom/generate-saas-growth-ad-creative-brief.git; package.json: https://github.com/TobeyRebecca/generate-saas-growth-ad-creative-brief.git
Verify the exact ClawHub slug and GitHub repository before installing, and align README, registry metadata, and package.json to the same trusted source.