Founder Signal
AdvisoryAudited by Static analysis on May 6, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If approved, the generated review content could become public on Draft.
Publishing a public Draft page is a high-impact external action, but the artifact clearly requires explicit user confirmation before invoking the publishing tool.
Public Draft publication requires explicit confirmation before the downstream draft-cli skill is invoked.
Review daily-review.md or the shown preview carefully before approving any public Draft publication.
Installing the skill also installs and runs an external Draft CLI package locally.
The skill relies on an external npm-installed CLI for Draft integration. This is disclosed and purpose-aligned, but it introduces dependency provenance and update trust considerations.
node | package: @innosage/draft-cli | creates binaries: draft
Install only if you trust the Draft CLI package source and review package provenance or versioning controls if your environment is sensitive.
Local artifacts may contain product positioning details, source-post text, and research history that future runs may rely on.
The skill intentionally stores product profile data, evidence snapshots, run artifacts, and candidate history for reuse and traceability.
Every run must persist a run folder... The import step writes an internal runtime profile under `profiles/` plus a normalized canonical copy under `config-imports/`.
Avoid putting secrets or confidential strategy in configs or snapshots, and periodically review or delete old profiles, runs, logs, and history if needed.