Skill v1.0.0
ClawScan security
American Express · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 18, 2026, 4:56 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: This is a read-only, instruction-only informational skill about American Express with no installs, credentials, or privileged actions requested; it appears to do what it says.
- Guidance: This skill is an informational snippet about American Express and does not request access to secrets or install code. The source/homepage are unknown; treat the content as unaffiliated and verify any financial figures or advice against official Amex material before relying on it for decisions.
Review Dimensions
- Purpose & Capability: ok. Name/description (Amex information) match the SKILL.md content (company history, features, and stats). Nothing requested (no env vars, no binaries) is out of scope for an informational reference.
- Instruction Scope: ok. Runtime instructions are static content and a simple 'read_when' trigger for queries about American Express or industry context. There are no commands, file reads, network exfiltration steps, or vague 'gather whatever context' directives.
- Install Mechanism: ok. No install spec and no code files. Because the skill is instruction-only, nothing is written to disk or downloaded, the lowest-risk model for install behavior.
- Credentials: ok. The skill requests no environment variables, credentials, or config paths. There is no disproportionate access requested relative to the stated purpose.
- Persistence & Privilege: ok. Flags show normal defaults (always: false, user-invocable, model invocation allowed). The skill does not request permanent presence or system-wide configuration changes.
