Back to skill
Skillv1.0.0
ClawScan security
Altria Tyco · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 26, 2026, 2:03 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only analysis skill about Altria’s strategic shift; it requires no credentials, no installs, and its runtime instructions stay within the stated topic.
- Guidance
- This skill appears coherent and low-risk: it only contains topical analysis about Altria and asks for nothing from your system. Before installing, consider whether you need source citations and up-to-date numbers — the SKILL.md includes assertions (e.g., Juul losses, market share, dividend history) but no references. If you care about provenance, ask the publisher to add source links or require the agent to cite sources when presenting facts. If you prefer stricter control, keep autonomous invocation disabled for this skill so it runs only when you explicitly call it.
Review Dimensions
- Purpose & Capability
- okThe skill name and description promise an analysis of Altria's move from combustible tobacco to smoke‑free products. The SKILL.md contains timelines, business model notes, moat analysis and key data consistent with that purpose. No unrelated capabilities, binaries, or credentials are requested.
- Instruction Scope
- okSKILL.md is a self-contained guidance document (timeline, analysis headings, facts). It does not instruct the agent to read system files, access environment variables, call external endpoints, or collect unrelated data. The 'read_when' hints are topical and limited to research context.
- Install Mechanism
- okThere is no install spec and no code files. As an instruction-only skill, nothing will be written to disk or installed by the skill itself.
- Credentials
- okThe skill declares no required environment variables, no credentials, and no config paths. This is proportionate for a research/analysis skill.
- Persistence & Privilege
- okalways is false and disable-model-invocation is false (the normal default). The skill does not request persistent system presence or modification of other skills. Autonomous invocation is allowed but not accompanied by elevated privileges or credential access.