pre-sales-engineer-assistant
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This no-code sales assistant is mostly coherent, but one workflow tells the agent to present POC results as successful regardless of evidence, so outputs need careful human review.
Install only if you are comfortable using it as a drafting aid for sales materials. Verify all POC conclusions, legal/tender language, pricing assumptions, and competitor claims before sharing, and use any red-team test guidance only with explicit authorization.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could produce misleading customer or executive reports that overstate POC success, affecting sales, procurement, or compliance decisions.
The POC report workflow instructs the agent to declare success and highlight only the strongest data, rather than evaluating whether the supplied test results actually support that conclusion.
1. **结论先行**:宣告测试成功并满足预期 2. **数据高亮**:提取最亮眼的测试数据
Require the agent to base conclusions on the actual test data, explicitly report failures or gaps, and have a qualified human review POC summaries before sharing them externally.
The generated test plans could be misused if applied to systems without authorization.
The skill can generate red-team attack test ideas as part of POC planning. This is purpose-aligned for AI security validation, but it is dual-use content.
**红方攻击用例构造**:设计至少3个维度的攻击手段
Use the POC attack scenarios only in authorized test environments and keep customer approval, scope, and safety constraints explicit.