ClawHub
Back to skill
v0.1.0

Game Changing Features

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:32 AM.

Analysis

This is a coherent instruction-only product strategy skill, with only disclosed local project review and markdown output that users should be aware of.

GuidanceThis skill appears safe for its purpose. Before installing, be aware that it may inspect the current project/codebase for product context and save markdown analysis files under .claude/docs/ai; review those files before sharing or committing them, and verify any npx/GitHub installation command you choose to run.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
Research the codebase, existing features, and product shape.

The skill may cause the agent to inspect local project files to support its product analysis. This is purpose-aligned, but users should know the skill is not purely conversational.

User impactThe agent may read project/codebase context to generate recommendations.
RecommendationUse it in the intended project workspace and avoid invoking it where unrelated private files could be included in the agent's context.
Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceHighStatusNote
README.md
npx add https://github.com/wpank/ai/tree/main/skills/writing/game-changing-features

The README documents an npx/GitHub installation path while the registry source is listed as unknown. This is a user-directed setup command, not hidden behavior, but source verification matters.

User impactInstalling from a remote URL or latest installer depends on the trustworthiness of that source at install time.
RecommendationPrefer the registry install path when available, or verify the GitHub repository and command before running npx-based installation.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityLowConfidenceHighStatusNote
SKILL.md
Write all responses to `.claude/docs/ai/<product-or-area>/10x/session-N.md`

The skill persists generated analysis in a local .claude documentation path. This is disclosed and scoped, but the saved output could contain product or codebase observations.

User impactStrategy notes may remain in the project and could be reused, committed, or shared if the directory is not managed carefully.
RecommendationReview generated files before sharing or committing them, and keep sensitive internal details out of prompts when possible.