Back to skill
Skillv1.0.0
ClawScan security
Amgen Inc · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 24, 2026, 9:04 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This skill is an instruction-only, read-only company overview of Amgen and does not request credentials, install software, or perform actions beyond providing static content.
- Guidance
- This skill appears to be a simple informational overview of Amgen and is internally consistent and low-risk. Before relying on it for important decisions, note that the skill's source/homepage is unspecified — verify any facts, dates, or financial figures against authoritative sources. Because it is instruction-only and asks for no credentials or installs, it does not pose the usual risks of code-executing or credential-exfiltrating skills.
Review Dimensions
- Purpose & Capability
- okThe skill's name, description, and SKILL.md all present a company overview and historical/business analysis of Amgen; there are no unrelated requirements or capabilities requested.
- Instruction Scope
- okSKILL.md contains static informational content and a small 'read_when' trigger list. It does not instruct the agent to read files, access environment variables, call external endpoints, or perform system actions outside the stated purpose.
- Install Mechanism
- okNo install spec and no code files — instruction-only. This minimizes the risk of arbitrary code being written or executed on the host.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths. The lack of secrets or external service access is proportionate to a static informational skill.
- Persistence & Privilege
- okalways is false and the skill does not request elevated or persistent privileges or modify other skills/configuration. Autonomous invocation is allowed by default but the skill's scope is read-only content.