Back to skill
Skillv1.0.0
ClawScan security
Aldi Group · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 28, 2026, 4:08 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is a read-only informational skill about the ALDI Group; its declared requirements and runtime instructions are consistent with that purpose.
- Guidance
- This skill appears to be harmless informational content about ALDI and is internally consistent. If you choose to enable it, there are no credentials or install steps to be concerned about. As a general precaution, only install skills from sources you trust; if a future version requests environment variables, downloads, or an install step, reassess before proceeding. If you prefer the agent not to call skills autonomously, disable model invocation for skills in your agent settings.
Review Dimensions
- Purpose & Capability
- okName, description, and SKILL.md all present descriptive corporate content about ALDI; no credentials, binaries, or unrelated requirements are requested.
- Instruction Scope
- okSKILL.md contains only static informational text and suggested 'read_when' contexts. It does not instruct the agent to read system files, access environment variables, run commands, or transmit data to third parties.
- Install Mechanism
- okNo install spec and no code files beyond the SKILL.md — instruction-only skills write nothing to disk and carry minimal installation risk.
- Credentials
- okNo environment variables, credentials, or config paths are requested; this matches the skill's informational nature.
- Persistence & Privilege
- okSkill is user-invocable and not marked 'always'. Model invocation is allowed (platform default) but, given the skill's read-only content and lack of credentials/install steps, this is not a meaningful risk.