Back to skill
Skillv1.0.0
ClawScan security
Bond · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 8, 2026, 2:30 PM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only, content-focused assistant about bonds and its requirements and behavior are consistent with that purpose, but its unknown provenance and lack of a homepage lower confidence.
- Guidance
- This skill appears coherent for providing explanations about different kinds of bonds and does not request credentials or install anything. Before installing, consider: (1) provenance — the skill's source and homepage are unknown, which reduces confidence in accuracy and update cadence; prefer skills from known publishers for critical topics. (2) Do not treat outputs as professional advice — verify any legal or investment guidance with a licensed attorney or financial advisor in your jurisdiction. (3) Avoid pasting sensitive personal or account data into conversations with the skill, since platform logs or transcripts may persist. (4) If you rely on this skill heavily, periodically validate its content against up-to-date, authoritative sources because instruction-only skills can become outdated.
Review Dimensions
- Purpose & Capability
- okName and description (explaining financial, surety, bail, and contract bonds) match the SKILL.md content. The skill requests no binaries, env vars, or installs — consistent with a read-only explanatory skill.
- Instruction Scope
- okSKILL.md is purely explanatory content for the agent to use when answering user questions; it does not instruct the agent to read files, call external endpoints, or access credentials. No scope creep detected in the provided instructions.
- Install Mechanism
- okNo install spec and no code files (instruction-only). This is the lowest-risk installation model — nothing is written to disk or downloaded by the skill itself.
- Credentials
- okThe skill requires no environment variables, credentials, or config paths. There is no request for sensitive access that would be out of proportion to an informational skill.
- Persistence & Privilege
- okalways is false and the skill does not request persistent or elevated privileges. disable-model-invocation is false (normal), so the agent may invoke it autonomously — this is expected for a content skill and is not combined with any other concerning privileges.