Back to skill
Skillv1.0.1
ClawScan security
landing-page-roast · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 17, 2026, 3:50 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requests and instructions are consistent with a landing-page audit tool: it requires no credentials or installs and the SKILL.md stays on-task.
- Guidance
- This skill appears coherent and low-risk: it only needs a page URL or pasted copy and returns audit suggestions. Before using it, avoid pasting sensitive information (API keys, private customer data, auth tokens) into the input. If you provide a URL, confirm whether your agent will fetch the page directly (and whether it will send cookies or authenticated requests); prefer public pages or sanitized copies. Finally, review any suggested copy or A/B tests yourself before publishing — the skill aids decision-making but should not be treated as authoritative without human review.
Review Dimensions
- Purpose & Capability
- okName/description match the runtime instructions: the skill asks for a page URL or pasted copy and produces audit scores, prioritized fixes, and rewrites. It requests no binaries, env vars, or config paths—proportional for a copy/UX audit.
- Instruction Scope
- okSKILL.md stays within the stated domain (clarity, audience fit, offer strength, trust, friction, objections) and defines concrete outputs. It does not instruct the agent to read unrelated files, environment variables, or send data to unknown endpoints. One minor ambiguity: it accepts a URL but doesn't specify whether the agent should fetch the page itself or expect pasted content; this is a usability note, not a security issue.
- Install Mechanism
- okNo install spec and no code files — instruction-only skill with no disk writes or downloaded artifacts, which is the lowest-risk installation profile.
- Credentials
- okNo credentials, tokens, or config paths are requested. The required inputs (URL/copy, audience, conversion action, offer details) are appropriate and minimal for the stated purpose.
- Persistence & Privilege
- okDoes not request always:true or any elevated persistence. Default autonomous invocation is permitted by platform policy but, on its own, does not introduce additional incoherence with the skill's purpose.