Back to skill
Skillv2.1.1
ClawScan security
Company Os · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 10, 2026, 8:48 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only management framework for company operating systems (EOS/Scaling Up/OKR hybrids) and its requests and content are consistent with that purpose.
- Guidance
- This skill is an instruction-only playbook for company operating systems and appears internally consistent. Things to consider before installing: 1) The author/source is unknown — content is benign but provenance is limited. 2) The docs recommend using external tools (Notion, Miro, Google Docs, Ninety.io); do not provide API keys or service tokens to the agent unless you trust it and want it to create/update those documents automatically. 3) If you enable autonomous invocation for the agent, consider restricting integrations that allow write access to collaboration tools or calendars so the agent cannot post or change company documents without approval. 4) Review any outputs the skill creates (templates, accountability charts, scorecards) before sharing broadly. Overall: coherent and appropriate for its stated purpose.
Review Dimensions
- Purpose & Capability
- okName and description match the actual content: detailed guidance on accountability charts, scorecards, meeting rhythms, IDS, rocks, implementation steps and comparisons between frameworks. The skill does not request unrelated binaries, credentials, or config paths.
- Instruction Scope
- okSKILL.md and reference docs are purely prescriptive (workshop steps, meeting agendas, templates, document suggestions). They do not instruct the agent to read local files, access environment variables, run commands, or transmit data to hidden endpoints.
- Install Mechanism
- okNo install spec and no code files — instruction-only. Nothing is downloaded or written to disk by the skill itself.
- Credentials
- noteThe skill does not declare or require any environment variables or credentials. It references external collaboration tools (Notion, Miro, Ninety.io, Google Docs) as implementation options — if you later grant this agent tokens or integrations for those services, expect it could create/update documents. The skill itself does not request those secrets.
- Persistence & Privilege
- okalways is false and the skill is user-invocable. The agent may invoke it autonomously by default (platform normal), but the skill does not seek elevated or permanent presence or modify other skills.