Back to skill
Skillv2.1.1
ClawScan security
Culture Architect · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 10, 2026, 11:19 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only skill that contains guidance and templates for building company culture; its requirements and runtime instructions are coherent with that purpose and it does not request secrets, install code, or perform external operations.
- Guidance
- This skill appears coherent and instruction-only, so the primary risks are operational/organizational rather than technical. Before installing or using it: (1) verify the author/source and license if provenance matters to you (SKILL.md says MIT but 'source' is unknown); (2) review and adapt templates to your legal/HR constraints and local labor laws; (3) when running surveys follow best practices called out in the playbook (ensure true anonymity, avoid collecting PII unless you have explicit reasons and secure storage); (4) treat the guidance as advisory — do not rely on it for legal or compliance decisions; and (5) inspect templates for any default language you wouldn’t want published publicly. No technical red flags were found.
Review Dimensions
- Purpose & Capability
- okName/description (culture design, assessment, templates) match the provided files (SKILL.md, playbook, and template). There are no unrelated binaries, credentials, or config paths requested.
- Instruction Scope
- okSKILL.md and the included markdown files are purely advisory (workshop steps, survey design, templates). They do not instruct the agent to read system files, access environment variables, call external endpoints, or transmit data outside the scope of culture work.
- Install Mechanism
- okNo install spec or code files are present; the skill is instruction-only so nothing is downloaded or written to disk during install.
- Credentials
- okThe skill declares no environment variables, credentials, or config paths. That aligns with its stated purpose of providing process and documentation templates.
- Persistence & Privilege
- okSkill flags are default (always: false, agent invocation allowed). It does not request permanent presence or modify other skills or system-wide settings.