Back to skill
Skillv1.0.0
ClawScan security
Bristol Myers Squibb · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 22, 2026, 6:02 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only, read-only company profile of Bristol-Myers Squibb; it does not request credentials, install software, or instruct the agent to access unrelated system resources.
- Guidance
- This skill is a static company profile and appears safe to install from a technical-permission perspective because it asks for no credentials and performs no installs. However, it contains factual statements without cited sources and may be out of date; do not rely on it for financial or clinical decisions without verifying facts against authoritative sources. If you prefer explicit provenance, ask the publisher for citation links or prefer skills that fetch live data from reputable APIs.
Review Dimensions
- Purpose & Capability
- okName, description, and SKILL.md content are consistent: the skill provides a company overview, timeline, business model and facts about Bristol-Myers Squibb. There are no unrelated requirements (no binaries, env vars, or config paths).
- Instruction Scope
- okSKILL.md contains static content and a short read_when trigger list; it does not instruct the agent to read files, access environment variables, call external endpoints, or transmit data. Scope is limited to presenting corporate information.
- Install Mechanism
- okNo install spec and no code files — nothing is written to disk or downloaded. Lowest-risk installation model (instruction-only).
- Credentials
- okThe skill requires no environment variables, credentials, or config paths. Requested privileges are proportional (in fact, none are requested).
- Persistence & Privilege
- okalways is false and the skill is user-invocable. It does not request persistent presence or modify other skills or system settings.