Back to skill
Skillv1.0.0
ClawScan security
bechtel · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 30, 2026, 5:06 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only informational skill about Bechtel (company history, business model, megaprojects) with no installs, no requested credentials, and no instructions that access system data—its declared purpose matches what it asks to do.
- Guidance
- This skill is informational and low-risk: it contains static content about Bechtel and asks for no credentials or installs. The primary remaining considerations are provenance and accuracy — the skill's source/homepage is unknown, so verify any critical facts (financial figures, contract details, safety records) against authoritative sources before relying on them for decisions. If you need up-to-date or primary-source data, prefer official filings, company reports, or reputable news sources.
Review Dimensions
- Purpose & Capability
- okThe skill name, description, and SKILL.md all describe corporate/company research about Bechtel and EPC megaprojects. There are no unrelated requirements (no env vars, binaries, or config paths) requested, so the declared purpose aligns with the skill's footprint.
- Instruction Scope
- okSKILL.md contains static content (history, business model, analysis prompts) and a 'read_when' list indicating when to use the skill. It does not instruct the agent to read files, access environment variables, call external endpoints, or transmit data. Scope is limited to providing informational content.
- Install Mechanism
- okNo install spec and no code files are present. As an instruction-only skill, nothing will be written to disk or installed at runtime.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths. There is no disproportionate access requested relative to the stated informational purpose.
- Persistence & Privilege
- okalways is false, and model invocation is not disabled (the platform default). The skill does not request elevated or persistent privileges and does not modify other skills or system configuration.