Back to skill
Skillv1.0.52
ClawScan security
Ai Competitor Analyzer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 16, 2026, 3:49 AM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only, marketing-style description with no code, no installers, and no credential requests — it is internally coherent but extremely vague about runtime behavior.
- Guidance
- This skill appears to be only marketing text (no code, no credentials, no install). That makes it low-risk but also not actionable. Before installing or enabling it for autonomous use: 1) ask the publisher for a detailed SKILL.md that lists runtime steps, required APIs, and data handling; 2) request source code or an official homepage so you can review what it will actually do; 3) avoid enabling autonomous invocation until you confirm exactly how it will gather and transmit data; and 4) prefer running any unverified skill in a sandboxed environment or with limited permissions. Because the skill is so vague, I rated confidence as medium — more detail from the author would raise confidence.
Review Dimensions
- Purpose & Capability
- okName/description (AI competitor analysis) match the content: SKILL.md contains feature/target/ROI marketing claims. There are no declared binaries, env vars, or configs that conflict with the stated purpose.
- Instruction Scope
- noteSKILL.md contains only marketing and high-level capabilities (pricing, features, ROI) and provides no runtime instructions, commands, files to read, or endpoints to call. The lack of concrete instructions means the agent would need to rely on its own judgment to act — this is not malicious but is incomplete and grants broad, undefined discretion.
- Install Mechanism
- okNo install spec and no code files are present. This is the lowest-risk model (nothing will be written to disk by an installer).
- Credentials
- okThe skill requests no environment variables, credentials, or config paths. There is no disproportionate access requested relative to the claimed capabilities.
- Persistence & Privilege
- okalways is false, user-invocable is true, and model invocation is allowed (defaults). This is normal; there is no automatic forced presence or evidence it modifies other skill/system configs.