Back to skill
Skillv1.0.0
ClawScan security
Quick Proposal · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 11, 2026, 10:40 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only template generator for project proposals; its declared purpose matches the instructions and it requests no credentials, installs, or elevated privileges.
- Guidance
- This skill is a straightforward, instruction-only template for generating project proposals and poses minimal technical risk. Before using: (1) replace placeholder contact and pricing fields with your real values and verify estimates — the skill only formats content and may not produce accurate cost/time figures; (2) avoid pasting sensitive client data into prompts (no exfiltration is requested, but it's good practice); (3) confirm any vendor mentions (e.g., 阿里云) are appropriate for your region; (4) if you need integrations (CRM, billing, or cloud APIs), prefer a skill that explicitly declares and justifies those credentials.
Review Dimensions
- Purpose & Capability
- okThe name and description (auto-generate proposal templates, estimates, risk analysis) match the SKILL.md content. There are no extra binaries, environment variables, or config paths requested that would be unrelated to generating text templates.
- Instruction Scope
- okThe SKILL.md contains only formatting guidance, example prompts, and a sample proposal output. It does not instruct the agent to read files, access environment variables, call external endpoints, or collect system data beyond producing text—no scope creep detected.
- Install Mechanism
- okNo install specification or code files are present (instruction-only). This is the lowest-risk model because nothing is written to disk or downloaded.
- Credentials
- okThe skill requires no environment variables, credentials, or config paths. No sensitive secrets are requested or implied by the instructions.
- Persistence & Privilege
- okalways is false and there are no requests to modify other skills or system-wide settings. The skill does not ask for persistent presence or elevated privileges.