Back to skill
Skillv1.0.0
ClawScan security
At T · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 23, 2026, 9:03 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only informational skill providing a static summary of AT&T; it requests no credentials, installs nothing, and its behavior matches its stated purpose.
- Guidance
- This skill is a static informational summary and appears safe to install. Before relying on its facts, verify time-sensitive data (user counts, revenue, regulatory events) against authoritative, up-to-date sources. Because it is an instruction-only skill, it will not access your environment or secrets — still avoid trusting it for real-time telemetry, account actions, or sensitive decisions.
Review Dimensions
- Purpose & Capability
- okThe skill name/description and SKILL.md content all describe AT&T corporate history, competitive context, and strategy. Nothing in the package requests unrelated capabilities (no env vars, binaries, or config paths).
- Instruction Scope
- okSKILL.md contains a short summary, read_when triggers, and a factual write-up. It does not instruct the agent to read arbitrary files, access environment variables, call external endpoints, or transmit data outside the agent. The content is static and scoped to AT&T-related topics.
- Install Mechanism
- okThere is no install spec and no code files; this instruction-only skill writes nothing to disk and installs nothing.
- Credentials
- okThe skill requires no environment variables, credentials, or config paths. There are no secret-like environment entries requested, so credential access is proportionate (none).
- Persistence & Privilege
- okalways is false and the skill is user-invocable. Model invocation is allowed (platform default) but there are no additional privileges or requests to modify other skills or system config.