Back to skill
Skillv1.0.0
ClawScan security
Blackrock Group · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 23, 2026, 6:07 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only, read-only research skill about BlackRock; it is internally consistent with its stated purpose and requests no extra permissions or installs.
- Guidance
- This skill is a static reference about BlackRock and appears safe from a security/coherence standpoint because it requires no installs, no credentials, and contains no runtime instructions that access system resources. Before relying on factual points (dates, AUM, fees), verify claims against authoritative sources because the SKILL.md does not cite primary references. If you require provenance or must avoid stale/incorrect financial data, prefer skills that cite sources or integrate with trusted financial data APIs.
Review Dimensions
- Purpose & Capability
- okThe name and description promise background and analysis about BlackRock and the SKILL.md provides static company history, business model, and analysis. The skill does not request unrelated binaries, credentials, or system access — everything requested aligns with a documentation/knowledge skill.
- Instruction Scope
- okSKILL.md contains static content and a 'read_when' trigger list for relevant research contexts. It does not instruct the agent to read files, access environment variables, call external endpoints, or transmit data outside the agent. There is no scope creep in the runtime instructions.
- Install Mechanism
- okNo install spec or code files are present; this is instruction-only and nothing is written to disk or downloaded during install.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. There are no secrets requested and no justification needed.
- Persistence & Privilege
- okThe skill is not force-included (always: false) and is user-invocable. Model invocation is allowed (the platform default) but, given the skill's read-only nature and lack of access to credentials or system resources, this presents minimal risk.