Safety Report

CRO / Chief Revenue Officer

Name: CRO / Chief Revenue Officer
Rating: 5 (6 reviews)
Author: ivangdavila

@ivangdavila

Optimize conversion rates with funnel analysis, A/B testing, statistical significance, and compliance-safe experiments.

691Downloads

1Installs

6Stars

2Versions

Security & Compliance1,716 Legal & Compliance738 Automated Testing538

Security Analysis

high confidence

Clean0.04 risk

The skill's instructions, files, and requirements are internally consistent with a CRO / A/B testing advisory and audit role; it is instruction-only, requests no credentials, and contains no hidden endpoints or install steps.

Feb 20, 20265 files1 concern

Purpose & Capabilityok

Name/description (conversion optimization, A/B testing, funnel audits) match the included guidance (audits.md, testing.md, tools.md, legal.md). References to analytics and experimentation platforms (GA4, Mixpanel, Optimizely, etc.) are appropriate for the stated purpose.

Instruction Scopeok

SKILL.md and supporting files limit the agent to audit, test design, statistical interpretation, compliance guidance, and recommended actions. There are no instructions to read unrelated system files, exfiltrate data, or call external endpoints outside of listing common third-party tools. The only operational ambiguity: 'implement winning variants' implies making changes/deploys, but the skill doesn't include automated deploy/install instructions or credentials—so the scope remains advisory.

Install Mechanismok

No install spec and no code files — instruction-only. This is low-risk: nothing is downloaded or written to disk by the skill itself.

Credentialsnote

The skill itself requests no environment variables or credentials (which is proportionate). In practice, using the recommended integrations will require API keys or access to analytics/experimentation platforms; the skill does not request or store these. Users should provide only minimal-scope credentials if they plan to let an agent take actions.

Persistence & Privilegeok

always is false and there is no install that persists components. The skill does not request elevated or system-wide privileges and does not modify other skills' configs. Autonomous invocation is enabled (platform default) but poses no additional incoherence by itself.

Guidance

This skill is an advisory, instruction-only CRO playbook and appears coherent. Before installing or letting an agent act on its recommendations: 1) Be cautious about granting any agent access to production systems — only supply minimal, scoped API keys (read-only where possible) and rotate them regularly. 2) If you allow the agent to 'implement' changes, require human approval and run changes on staging first. 3) Follow the legal.md guidance for EU/CA consent rules — do not run experiments that rely on cookies/identifiers without proper consent. 4) Log and document all tests and data sources (the skill emphasizes this; enforce it operationally). 5) If you integrate third-party tools, prefer official SDKs/APIs and audit their scopes; the skill itself does not include any downloads or hidden endpoints, so risk comes from granting access to external systems, not from the skill's content.

Latest Release

v1.0.1

Added Core Rules structure with statistical rigor and compliance guidelines.

More by @ivangdavila

DOCX

18 stars

Market Research

18 stars

Code

14 stars

Excel / XLSX

13 stars

Data Analysis

13 stars

Office

11 stars

Published by @ivangdavila on ClawHub