ClawHub
Back to skill
v1.0.5

Action Suggester

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:58 AM.

Analysis

This instruction-only skill appears benign: it drafts follow-up suggestions for review and explicitly says not to send, execute, store, or approve actions.

GuidanceThis skill looks suitable for generating non-binding follow-up recommendations, but treat lead names and phone numbers as sensitive business/customer data and review suggestions before anyone calls, emails, visits, or updates a system.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceHighStatusNote
metadata
Source: unknown; Homepage: none

The skill's public provenance is limited. This matters for trust decisions, though the artifact set is instruction-only and includes no executable code, install script, or dependency chain.

User impactYou have less external provenance information about who maintains the skill, but there is no code-install behavior shown here.
RecommendationInstall only if you trust the registry publisher and the plain-language instructions match your intended use.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityLowConfidenceHighStatusNote
references/action-input.schema.json
"required": ["lead_id", "name", "phone"]

The skill is designed to process lead records that include personal contact details in the model context. The artifacts do not show storage, external transmission, or reuse, and this data is aligned with the follow-up suggestion purpose.

User impactLead names and phone numbers may be included in prompts or context while generating suggestions.
RecommendationUse only lead data you are authorized to process, and avoid including unnecessary personal details beyond what is needed for the suggestion task.