FLWR Branding Studio Kit
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a benign branding-project helper, but users should notice that it creates local project files, processes private client documents, and has some packaging/documentation inconsistencies.
This skill is reasonable to install if you want a local branding workflow. Run its CLI only in the folder where you want project files created, verify whether the advertised `.agent` rules/templates are actually present, and only place client documents in `client_intel` that you are comfortable having the agent process. Do not create the ClawHub/GitHub token mentioned in the docs unless you are publishing the skill yourself.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Some advertised rules, templates, anti-hallucination controls, or workflow automation may not actually be available after installation.
The supplied file manifest does not include these `.agent` or `scripts` directories, while the documentation says they are included; this suggests an incomplete package or stale documentation rather than hidden malicious code.
What's Included * `.agent/rules/`: The "brain" of the strategist ... * `.agent/workflows/` ... * `.agent/templates/` ... * `scripts/`: Automation tools
Verify the package contents before relying on the advertised templates, workflow rules, or context-shielding claims.
Running the CLI will modify the current workspace by creating a `clients/<Client_Name>/` project structure.
The CLI creates local project directories and copies template files when run; this is documented and aligned with the project setup purpose.
fs.mkdirSync(dir, { recursive: true }); ... fs.copyFileSync(srcFile, destFile);Run the CLI only from the workspace where you want the client project folders created.
If followed for publishing automation, the token may grant marketplace publishing authority from the GitHub repository.
Contributor automation documentation instructs a publisher to create and store a ClawHub token in GitHub Secrets. This is not used by the runtime skill, but it is credential-handling guidance.
Gere um novo token ... Name: `CLAWDHUB_TOKEN` ... Secret: Cole o token que você copiou
Only create this token if you are maintaining/publishing the skill, use the least privilege available, and revoke it if no longer needed.
Client briefings, transcripts, and PDFs placed in the project folder may be read into the agent context and reflected in generated outputs.
The skill intentionally processes user-supplied client documents and writes derived strategy files, which is expected for branding work but may involve private business data.
Upload your PDFs, briefings, or transcripts there. ... The agent will analyze the documents ... and fill the templates in `strategy_output`.
Use a separate folder per client, place only intended documents in `client_intel`, and review generated outputs before sharing them.