Skill v1.0.0

ClawScan security

Bank Of America · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 18, 2026, 4:56 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This is a simple, instruction-only informational skill about Bank of America; it has no installs, no requested credentials, and its content matches its stated purpose.
Guidance
This skill is informational and appears safe to install from a technical-permission perspective because it requests no credentials and installs nothing. Consider whether you trust the unknown source, and remember the content is static — verify any critical facts (financial figures, histories) from authoritative or up-to-date sources before relying on them. If provenance or freshness of data matters, prefer skills or sources that cite their references or update timestamps.

Review Dimensions

Purpose & Capability
ok: The skill name and description (Bank of America overview) match the SKILL.md content, which is static informational text about the bank. Nothing requested or installed is out of scope for an informational reference skill.
Instruction Scope
ok: SKILL.md provides static content and a small 'read_when' trigger for context. It contains no instructions to read system files, access environment variables, call external endpoints, or transmit user data.
Install Mechanism
ok: No install specification and no code files are present; this is instruction-only, so nothing is written to disk or downloaded at install time.
Credentials
ok: The skill declares no required environment variables, credentials, or config paths. There is no disproportionate credential or secret access requested.
Persistence & Privilege
ok: 'always' is false and the skill does not request elevated or persistent privileges. Autonomous invocation is allowed by default, but the skill's scope is informational and does not broaden privileges.