Back to skill
Skillv1.0.1
ClawScan security
Arcteryx · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 23, 2026, 5:04 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only content pack about the Arc'teryx brand, requests no credentials or installs, and its runtime instructions are consistent with the stated purpose.
- Guidance
- This skill is a static informational pack and is low-risk: it asks for no credentials, binaries, or installs. Before enabling, note that the registry source/homepage are not provided (provenance unknown) — review the content for accuracy and decide whether you trust the anonymous owner. Also remember the agent may invoke the skill autonomously by default (normal behavior); because this skill is read-only content, that is low risk but review any decisions that rely on automated outputs for correctness.
Review Dimensions
- Purpose & Capability
- okName, description and SKILL.md content all describe brand research (history, positioning, data). The skill does not request unrelated capabilities, binaries, or credentials.
- Instruction Scope
- okSKILL.md contains static brand research and a small 'read_when' trigger list for when to use the content. It does not instruct the agent to read files, access environment variables, call external endpoints, or collect unrelated system data.
- Install Mechanism
- okNo install spec and no code files — nothing is written to disk and no external packages are fetched.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths; the level of access requested is minimal and proportionate to an informational skill.
- Persistence & Privilege
- okalways is false and the default autonomous invocation is allowed (platform default). There is no indication the skill requests elevated or persistent system privileges or modifies other skills' configs.