Back to skill
Skillv1.0.0
ClawScan security
Bosch Group · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 29, 2026, 12:10 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only informational skill about Bosch Group with no code, no installs, and no requested credentials — its implementation is consistent with its stated purpose.
- Guidance
- This skill is coherent and low-risk: it only provides static informational content about Bosch and requires no credentials or installs. Before relying on the facts here, verify key figures and dates against trusted sources (company reports, reputable news) because informational skills can be out-of-date or contain minor inaccuracies. If you intend the agent to act autonomously using this skill, remember that autonomous invocation is platform-default — there is no added privilege requested by this skill specifically.
Review Dimensions
- Purpose & Capability
- okThe name/description claim to provide corporate history and analysis of Bosch; the SKILL.md content matches that purpose. There are no required binaries, environment variables, or config paths that would be unrelated to an informational/company-profile skill.
- Instruction Scope
- okThe SKILL.md contains a factual/company-history narrative and a 'read_when' trigger list describing when to use it. It does not instruct the agent to read local files, environment variables, system state, or to transmit data to external endpoints outside normal agent behavior.
- Install Mechanism
- okNo install specification and no code files are present (instruction-only). This is the lowest-risk model: nothing is written to disk and there are no external package downloads.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths. There is no disproportionate or unexplained access requested for the stated informational purpose.
- Persistence & Privilege
- okThe skill is not marked 'always:true' and uses the platform defaults for invocation. It does not request elevated persistence or to modify other skills or system-wide settings.