Skill v1.0.0
ClawScan security
fundraising from top tier vc · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious (Mar 12, 2026, 4:46 AM)
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's description matches its stated goal, but its runtime instructions assume the agent will perform outreach (send pitch decks, attach files, contact investors) while the skill declares no mechanism, credentials, or safeguards for doing so — an incoherence that could expose sensitive data or lead to unintended external communications.
- Guidance: Before installing, confirm how the skill will perform outreach: which service or connector it uses to send emails (SMTP, Gmail API, a third-party), and whether you'll need to provide credentials or grant access. If you do grant access, prefer read-only or tightly scoped permissions and require explicit confirmation before any outbound message is sent. Ask the author to: (1) document the exact mechanism for sending messages and attaching files; (2) remove or justify hard-coded example contact emails (they are PII and may be stale); (3) add safeguards so the agent only generates draft messages instead of sending them autonomously, unless you explicitly permit sending. If those clarifications aren't provided, avoid enabling autonomous outreach or supplying credentials.
Review Dimensions
- Purpose & Capability (concern): The skill claims to perform investor discovery, ranking, and 'conduct structured outreach' (including sending pitch decks). However, the metadata declares no required binaries, credentials, or config paths for sending email or accessing contact lists. Either the agent platform provides those capabilities implicitly (not documented), or the skill's claimed capabilities exceed what it actually requests — a mismatch.
- Instruction Scope (concern): SKILL.md explicitly instructs the agent to send outreach emails, attach pitch decks, collect feedback, and include example investor contact info (a personal email). Those steps imply reading user files (pitch deck), accessing contacts or email accounts, and transmitting data to third parties, but the instructions do not specify how to do so or place limits on where data may be sent.
- Install Mechanism (ok): This is an instruction-only skill with no install spec and no code files, so it writes nothing to disk and doesn't pull remote binaries. Low installation risk.
- Credentials (concern): The skill requires no environment variables or credentials but operationally needs access to user data (pitch deck) and likely email/CRM accounts to perform outreach. The absence of declared credential requirements is disproportionate to the outreach functionality described.
- Persistence & Privilege (ok): The skill's always flag is false and the skill does not request persistent system-wide modifications. The default ability for the agent to invoke the skill autonomously is unchanged; this is normal but should be combined with the other concerns before enabling autonomous sending.
