Back to skill
Skillv1.0.0
ClawScan security
Bms Bristol Myers · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 27, 2026, 9:02 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is a read-only, instruction-only informational skill about Bristol Myers Squibb; it requests no credentials, installs nothing, and its content matches its description.
- Guidance
- This skill is informational and low-risk: it contains static content about BMS and asks for no credentials or installs. The only minor caveat is that the package source/homepage is unknown — the content itself appears benign, but if you need authoritative or up-to-date financial/clinical data, cross-check with official filings or trusted sources. If the skill later requests network access, credentials, or to run code, re-evaluate before granting those permissions.
Review Dimensions
- Purpose & Capability
- okThe name and description promise an analytical summary of BMS strategy and history, and the SKILL.md contains exactly that content. No unrelated binaries, env vars, or config paths are requested.
- Instruction Scope
- okSKILL.md is static guidance and historical analysis (timeline, commercial analysis, facts). It does not instruct the agent to read local files, access environment variables, install software, or transmit data to external endpoints.
- Install Mechanism
- okThere is no install specification and no code files; nothing will be written to disk or downloaded during installation.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths — proportional to an informational skill.
- Persistence & Privilege
- okalways is false and the skill does not request persistent privileges or modify other skills or system configuration.