Skill v1.0.5

ClawScan security

Summary Generator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 23, 2026, 2:47 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's files and runtime instructions are consistent with its stated purpose (read-only lead summaries) with no installs or extra credentials requested, but it leaves some operational details (where/how read-only access is provided) unspecified.
Guidance
This skill appears coherent for producing read-only lead summaries. Before installing, verify: (1) how the agent runtime will provide read-only access to the intended lead storage (connectors, service account, or IAM role), and that those credentials are least-privilege; (2) that the runtime enforces the SKILL.md boundaries (no writes, no external sends, and no parsing of chat dumps); (3) that the suggested chain (sentiment-priority-scorer -> summary-generator -> action-suggester) does not trigger unintended follow-up actions, since this skill explicitly says not to suggest or execute follow-ups. Test the skill in a controlled environment with sample data containing PII to confirm that it returns only the validated summary object and does not leak additional context.

Review Dimensions

Purpose & Capability
ok · Name, description, and included schemas match: the skill validates date-range input, reads lead data in read-only fashion, aggregates the listed metrics, validates output, and returns a summary object. There are no unrelated environment variables, binaries, or installs requested that would be disproportionate to a summarization task.
Instruction Scope
note · SKILL.md stays narrowly scoped to read-only summarization and explicitly forbids writes, parsing chat dumps, extraction of new leads, follow-up actions, and outbound sends. It does instruct the agent to "Query lead storage using read-only access" but does not specify the data source or authentication method, leaving an operational gap that should be verified in the deployment environment.
Install Mechanism
ok · Instruction-only skill with no install spec and no code files; nothing is written to disk or downloaded. This minimizes installation risk.
Credentials
note · The skill requests no environment variables or credentials in metadata, which is proportionate. However, it expects read-only access to lead storage at runtime without declaring how credentials are supplied; confirm that the platform's connector model will provide only the intended read-only access and that no extra secrets are required or implicitly used.
Persistence & Privilege
ok · The always field is false, and the skill does not request persistent presence or the ability to modify other skills or system settings. It fails closed when read permission is absent, which is appropriate.
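The controlled-environment test recommended in the Guidance above, the validate-read-aggregate-validate pipeline described under Purpose & Capability, and the fail-closed behaviour noted under Persistence & Privilege can all be exercised with a small harness. The following is an added example written for this review; it is not the skill's own code, not ClawHub's scanner, and not the skill's real schema. The connector model (a store object with a gated read and no write method), the summary key set, the PII regex, and the sample leads are all assumptions constructed for the harness; substitute the runtime's actual connector and the skill's declared output schema when running this against a real deployment.

```python
import re
from datetime import date

# Constructed sample leads for the harness; every PII value here is fabricated.
SAMPLE_LEADS = [
    {"id": 1, "created": "2026-02-01", "source": "web", "status": "new",
     "email": "alice@example.com", "phone": "+1-555-0100"},
    {"id": 2, "created": "2026-02-10", "source": "email", "status": "qualified",
     "email": "bob@example.org", "phone": "+1-555-0101"},
    {"id": 3, "created": "2026-03-02", "source": "web", "status": "new",
     "email": "carol@example.net", "phone": "+1-555-0102"},
]
# Assumed summary schema: the only keys a valid summary object may carry.
SUMMARY_KEYS = {"range_start", "range_end", "lead_count", "by_source", "by_status"}
# Heuristic PII detector for the output check (e-mail addresses, phone-like
# digit groups); a test aid, not a complete PII classifier.
PII_PATTERN = re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+|\+?\d{1,3}[- ]?\d{3}[- ]?\d{4}")


class PermissionDenied(Exception):
    """Raised when the store is read without a read grant."""


class ReadOnlyLeadStore:
    """Stand-in for the runtime connector: reads only, gated on a read grant."""

    def __init__(self, leads, can_read=True):
        self._leads = [dict(lead) for lead in leads]
        self._can_read = can_read

    def query(self, start, end):
        if not self._can_read:
            raise PermissionDenied("read permission absent")
        return [lead for lead in self._leads
                if start <= date.fromisoformat(lead["created"]) <= end]


def validate_range(start_s, end_s):
    """Date-range input validation: ISO-8601 dates with start <= end."""
    try:
        start, end = date.fromisoformat(start_s), date.fromisoformat(end_s)
    except (TypeError, ValueError) as exc:
        raise ValueError(f"invalid date range: {exc}") from None
    if start > end:
        raise ValueError("range start is after range end")
    return start, end


def _strings(obj):
    """Yield every key and leaf value of a nested object as text."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            yield str(key)
            yield from _strings(value)
    elif isinstance(obj, (list, tuple)):
        for value in obj:
            yield from _strings(value)
    else:
        yield str(obj)


def validate_output(summary):
    """Output validation: exact key set and no PII-looking text anywhere."""
    if set(summary) != SUMMARY_KEYS:
        raise ValueError(f"unexpected keys: {sorted(set(summary) ^ SUMMARY_KEYS)}")
    if any(PII_PATTERN.search(text) for text in _strings(summary)):
        raise ValueError("PII present in summary output")
    return summary


def summarize(store, start_s, end_s):
    """Read-only summary over a date range. Fails closed: a missing read
    grant raises PermissionDenied and nothing partial is returned."""
    start, end = validate_range(start_s, end_s)
    leads = store.query(start, end)
    by_source, by_status = {}, {}
    for lead in leads:
        by_source[lead["source"]] = by_source.get(lead["source"], 0) + 1
        by_status[lead["status"]] = by_status.get(lead["status"], 0) + 1
    return validate_output({
        "range_start": start_s, "range_end": end_s, "lead_count": len(leads),
        "by_source": by_source, "by_status": by_status,
    })


def _raises(exc, fn, *args):
    try:
        fn(*args)
    except exc:
        return True
    return False


def run_checks():
    """The controlled-environment checks from the guidance, as pass/fail flags."""
    summary = summarize(ReadOnlyLeadStore(SAMPLE_LEADS), "2026-02-01", "2026-02-28")
    no_read = ReadOnlyLeadStore(SAMPLE_LEADS, can_read=False)
    return {
        "only_summary_keys": set(summary) == SUMMARY_KEYS,
        "no_pii_in_output": not any(PII_PATTERN.search(t) for t in _strings(summary)),
        "fails_closed_without_read": _raises(
            PermissionDenied, summarize, no_read, "2026-02-01", "2026-02-28"),
        "rejects_extra_context": _raises(
            ValueError, validate_output, {**summary, "raw_leads": SAMPLE_LEADS}),
        "rejects_pii_value": _raises(
            ValueError, validate_output, {**summary, "by_source": {"alice@example.com": 1}}),
        "rejects_reversed_range": _raises(
            ValueError, validate_range, "2026-03-01", "2026-02-01"),
    }
```

Running run_checks() should yield True for every flag. The two checks that matter most for this verdict are fails_closed_without_read (the skill's stated behaviour when read permission is absent) and rejects_extra_context (the output validator must refuse anything beyond the declared summary keys, which is what stops raw lead records or PII from riding along in the returned object). A real harness would replace ReadOnlyLeadStore with the platform's connector and assert that the connector exposes no write path at all.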