Product Share Trigger Reviewer

Pass

Audited by ClawScan on May 15, 2026.

Overview

This is a coherent review-only skill, but if used in a code repository it may run a local check script and edit project review or release files, so those actions should be reviewed.

This skill appears safe to install as an instruction-only product reviewer. Before letting it act inside a repository, confirm any `scripts/check_product_share_gate.py` file is trusted and review changes to scripts, package files, or release checks. Do not provide private community data, credentials, payment data, or customer exports.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If allowed, the agent may execute a local repository script with the user's normal permissions.

Why it was flagged

The skill tells the agent to run a project-local Python validation script. This is consistent with repo review workflows, but the script is not bundled in the reviewed skill artifacts.

Skill content

python3 scripts/check_product_share_gate.py

Recommendation

Only run the check in repositories you trust, and inspect the local script first if the repository is unfamiliar.

What this means

The agent could alter project validation or release workflow files when it has write access.

Why it was flagged

The skill can direct the agent to modify repository files and release checks. This is purpose-aligned, but it changes project behavior and should be user-reviewed.

Skill content

When editing a repo, also update the local review artifact if one exists: ... `scripts/check_product_share_gate.py` ... `package.json` scripts ... inventory or release checks

Recommendation

Review all repository diffs before committing or publishing changes made under this skill.