Back to skill
Skillv1.0.2
ClawScan security
wanxiang-gtm · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 14, 2026, 12:13 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only GTM / marketing-content generator whose declared purpose, runtime instructions, and required resources are consistent and proportionate; no installs, credentials, or unusual behaviors are requested.
- Guidance
- This skill is low-risk: it only contains instructions for generating GTM and marketing content and requests no installs or credentials. Before enabling, consider: 1) test with non-sensitive example prompts to verify output style and quality; 2) avoid pasting proprietary or personally identifiable information into prompts if the agent routes data to external LLMs; 3) review generated materials for factual accuracy, legal/compliance fit, and sensitive wording (hallucinations and tone issues are common with content-generation tools). If you need stricter data controls, only use this skill with an internal model or after confirming data handling policies.
Review Dimensions
- Purpose & Capability
- okThe name and description describe a GTM/marketing material generator for enterprise features, and the SKILL.md contains instructions that match that purpose. The skill does not request unrelated tools, credentials, or system access.
- Instruction Scope
- okSKILL.md is narrowly scoped: it instructs the agent to act as a GTM marketing consultant and generate sales/PR/customer-facing materials based on feature descriptions. It does not instruct the agent to read files, environment variables, system state, or transmit data to any external endpoint.
- Install Mechanism
- okNo install spec or code files are present. Being instruction-only means nothing is written to disk and there is minimal attack surface from installation.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths — consistent with a content-generation helper. No excessive secrets or unrelated service tokens are requested.
- Persistence & Privilege
- okalways is false and the skill does not request persistent or cross-skill privileges. It does not modify agent configuration or request elevated system presence.