Back to skill
Skillv2.1.1
ClawScan security
Ma Playbook · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 11, 2026, 12:35 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is a purely instructional M&A playbook (checklists and a 100-day integration plan) with no code, installs, or credential requests — its behavior matches its description.
- Guidance
- This skill is low-risk and purely advisory, but remember: (1) it is a template — validate legal, tax, and financial decisions with qualified advisors; (2) do not paste confidential deal documents or secrets into prompts when using the skill; (3) although it requests no credentials, be cautious about sharing sensitive company data with any agent; (4) if you prefer to prevent autonomous calls, restrict or review skill invocation in your agent settings before enabling it.
Review Dimensions
- Purpose & Capability
- okName/description (M&A strategy, due diligence, integration) align with the included SKILL.md and reference files; there are no unrelated binaries, env vars, or config paths requested.
- Instruction Scope
- okRuntime instructions are advisory checklists and process guidance for humans. The files do not instruct the agent to read local files, access external endpoints, or exfiltrate data.
- Install Mechanism
- okNo install spec and no code files — this is instruction-only, so nothing is downloaded or written to disk.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. There are no disproportionate credential requests.
- Persistence & Privilege
- okalways is false and the skill is user-invocable. It does not request permanent presence or system-wide configuration changes.