Skillv1.0.0

ClawScan security

Blockbuster Video · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 28, 2026, 5:10 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This is an instruction-only skill that provides an analytical write-up about Blockbuster's failure to adopt streaming; it requests no credentials, runs no installs, and its declared purpose matches its instructions.
Guidance: This skill appears coherent and low-risk: it’s a static article-style skill that won’t execute code or access your system. Before relying on its claims, verify cited facts (dates, revenue figures, the $50M offer, Netflix valuation, and the current count of Blockbuster locations) because the SKILL.md provides no source citations. If you need reproducible research or primary-source references, ask the skill author to add citations or link to sources.

Purpose & Capability: okThe name and description promise an analysis of Blockbuster vs. Netflix; the SKILL.md is an article and metadata for when to read it. There are no extraneous requirements (no binaries, env vars, or config paths) that would be unrelated to that purpose.
Instruction Scope: okSKILL.md contains only background, timeline, analysis, and read_when guidance. It does not instruct the agent to read system files, access environment variables, call external endpoints, or perform any I/O beyond producing text, so scope is appropriate to the stated task.
Install Mechanism: okNo install spec and no code files are present. As an instruction-only skill, nothing is downloaded or written to disk; this is the lowest-risk install profile.
Credentials: okThe skill requests no environment variables, credentials, or config paths. There is no disproportionate or unexplained access to secrets or external services.
Persistence & Privilege: okalways is false and the skill is user-invocable. It does not request persistent presence or privileged system modifications, so there is no elevated runtime privilege.