Back to skill
Skillv1.0.0
ClawScan security
Bmw Motors · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 29, 2026, 9:05 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is a read-only, instruction-only content piece about BMW history and strategy; it makes no system requests, installs, or credential demands and is internally consistent with its stated purpose.
- Guidance
- This skill is an informational summary about BMW and appears safe: it has no code, no install, and asks for no secrets. However, the source/homepage are unknown — treat provenance cautiously (content may be unvetted or contain factual errors). If you need authoritative or up-to-date corporate data, cross-check with official BMW publications or reputable industry sources before using the information for decisions.
Review Dimensions
- Purpose & Capability
- okName and description promise background and analysis of BMW; the SKILL.md content is exactly that and the skill requests no binaries, credentials, or config paths — nothing extraneous is required.
- Instruction Scope
- okSKILL.md is static, informational content (timeline, business analysis, facts). It contains no runtime commands, file reads, environment access, or network endpoints; instructions do not ask the agent to collect or transmit data outside the skill's domain.
- Install Mechanism
- okNo install spec is present (instruction-only), so nothing is written to disk or fetched at install time — this is the lowest-risk model.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths; there is no disproportionate access requested relative to its informational purpose.
- Persistence & Privilege
- okFlags are defaults (not always:true) and autonomous invocation is allowed by platform defaults; the skill does not request persistent system presence or modify other skills/configuration.