Skillv1.0.0

ClawScan security

Retirement · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 8, 2026, 4:02 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is an instruction-only retirement-planning assistant whose stated purpose aligns with its contents and it does not request credentials, install code, or require system access.
Guidance: This skill appears coherent and safe in design: it is a text-only retirement planner that asks for personal financial inputs and performs calculations. Before using it, consider: do not paste or type full account credentials, passwords, or bank routing numbers into the chat; limit shared personal identifiers (SSN, full account numbers); verify any tax or legal recommendations with a qualified professional in your jurisdiction; because the skill's source and homepage are 'unknown/none', consider whether you trust the publisher before submitting sensitive personal data. If you need automated access to accounts (banking, brokerage) prefer vetted integrations with explicit OAuth flows rather than copy-pasting credentials into a conversational skill.

Review Dimensions

Purpose & Capability: okThe name and description (retirement planning, savings analysis, tax-aware account guidance) match the SKILL.md content; it does not declare any unrelated requirements (no binaries, env vars, or install steps), so there is no apparent mismatch between purpose and requested capabilities.
Instruction Scope: okSKILL.md is prose describing how the skill frames retirement planning, sensitivity analysis, account types, and behavioural coaching. There are no instructions in the provided content that tell the agent to read system files, access environment variables, call external endpoints, or perform actions outside a conversational planning context. The skill will reasonably ask users for personal financial inputs (income, expenses, goals) — which is expected for its purpose.
Install Mechanism: okNo install specification and no code files are present; this is an instruction-only skill. That is the lowest-risk install profile and is proportionate to the claimed functionality.
Credentials: okThe skill declares no required environment variables, no credentials, and no config paths. For a retirement-planning conversational skill, this is appropriate and proportionate.
Persistence & Privilege: okThe skill is not set to always:true (default false) and does not request elevated or persistent platform privileges. Model invocation is enabled (default) which is normal; there are no instructions indicating modification of other skills or system configuration.