Skillv1.0.0

ClawScan security

Bayer Pharma · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 29, 2026, 7:03 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This is a read-only, instruction-only skill that provides background information about Bayer; its requested surface (no env vars, no installs, no code) matches its stated purpose.
Guidance: This skill is an informational summary about Bayer and is internally consistent and low-risk: it doesn't install software or request credentials. However, note that the skill's source/homepage are not provided in the registry metadata—that reduces provenance and means you should not rely on it for up-to-date, authoritative, or clinical/legal advice. If you need current financials, regulatory status, or medical guidance, cross-check with official company filings, reputable news sources, or qualified professionals before acting on the information.

Purpose & Capability: okThe skill name/description (Bayer corporate overview) matches the SKILL.md content (company history, business lines, controversies). It requests no binaries, env vars, or other resources that would be unexpected for an informational skill.
Instruction Scope: okSKILL.md is a static informational document with a small 'read_when' guidance for when to present this content. It does not instruct the agent to read local files, access credentials, call external endpoints, or transmit user data.
Install Mechanism: okNo install specification and no code files are present, so nothing is written to disk or installed. This is the lowest-risk pattern.
Credentials: okThe skill requests no environment variables, credentials, or config paths. No sensitive access is required or implied.
Persistence & Privilege: okThe skill does not request always: true and has no mechanism to persist or modify other skill/system settings. It is user-invocable only.