Back to skill
Skillv1.0.0
ClawScan security
Absolut Vodka · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 28, 2026, 9:02 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only skill that provides a brand profile of Absolut Vodka; it requests no credentials, installs, or special permissions and its content matches the stated purpose.
- Guidance
- Technical risk is low because this is a read-only, instruction-only skill with no installs or credential access. Before installing, consider: (1) the skill's Source/Homepage are unknown — verify factual accuracy if you need authoritative information (company facts, acquisition details, production numbers); (2) brand-content can include copyrighted material or inaccurate claims, so don't rely on it for legal, regulatory, or medical advice; (3) if you plan to let agents invoke skills autonomously, decide whether you want this skill to be used without explicit user confirmation (it is user-invocable and model-invocation is enabled by default). Overall the skill appears coherent with its stated purpose.
Review Dimensions
- Purpose & Capability
- okThe skill name and description promise a deep-dive on Absolut Vodka; the SKILL.md contains historical, production, advertising, and business information consistent with that purpose. There are no unrelated dependencies, environment variables, or binaries requested.
- Instruction Scope
- okSKILL.md is purely content (brand profile) with read_when triggers for when the agent should use it. It does not instruct the agent to read files, access environment variables, call external endpoints, or collect/transmit user data beyond normal agent behavior.
- Install Mechanism
- okNo install spec and no code files — instruction-only skills have the lowest disk/execution risk. Nothing is downloaded or written to disk by the skill itself.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. There is no disproportionate credential request relative to the claimed functionality.
- Persistence & Privilege
- okFlags show always:false and user-invocable:true. The skill is allowed to be invoked by the model (the platform default) but it does not request permanent or elevated privileges or modify other skills/config.