Back to skill
Skillv1.0.0
ClawScan security
Revenue Calculator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 11, 2026, 9:25 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, instructions, and requirements are consistent with a simple revenue-projection utility and do not request unrelated credentials or network installs.
- Guidance
- This skill is internally consistent and appears to just run local Python math to project revenue. Before installing, review the small scripts (scripts/revenue-calc.py and scripts/example.py) yourself to confirm they match your expectations (they do in this package). Note the package has no homepage or owner metadata beyond an ID—if provenance or maintainer trust matters for you, ask for source/author info. As always, run unknown code in a safe environment and avoid feeding sensitive credentials or real production data to a new skill until you’ve validated its behavior.
Review Dimensions
- Purpose & Capability
- okName and runtime instructions match the included Python revenue-calculation script. No unrelated binaries, env vars, or config paths are requested. Minor metadata gaps (no human-readable description/homepage) reduce provenance but do not contradict capability.
- Instruction Scope
- okSKILL.md limits actions to gathering pricing inputs, selecting a strategy, running scripts/revenue-calc.py, and producing tables/reports. It does not instruct reading unrelated files, accessing system credentials, or sending data to external endpoints.
- Install Mechanism
- okNo install spec — instruction-only plus small local scripts. No downloads, package installs, or archive extraction are specified.
- Credentials
- okNo environment variables, credentials, or config paths are required. The code operates on provided inputs and prints JSON; it does not access secrets or external services.
- Persistence & Privilege
- okalways is false and the skill does not request persistent system-wide configuration. It contains only local scripts and reference/docs; no privileged or persistent behaviour is requested.