Back to skill
Skillv1.0.0
ClawScan security
Byd Auto · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 23, 2026, 1:03 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only informational skill about BYD with no installs, no requested credentials, and no instructions that access files or external endpoints — its declared purpose matches its contents.
- Guidance
- This skill is a self-contained informational document about BYD. Before installing, consider: (1) provenance — source and homepage are unknown, so verify factual claims (dates, sales, figures) against trusted sources; (2) accuracy/timeliness — numbers (sales, revenue, factory locations) may be outdated or simplified; (3) data handling — the skill itself does not request secrets, but avoid pasting private credentials or proprietary documents into prompts when using any third‑party skill. If you need provenance guarantees or up-to-date data, prefer skills that cite sources or connect to authoritative APIs.
Review Dimensions
- Purpose & Capability
- okName and description (analysis of BYD's development, tech, and market strategy) align with the SKILL.md content. The skill does not declare or request capabilities beyond delivering textual/company analysis.
- Instruction Scope
- okSKILL.md contains static guidance, timelines, and analysis. It does not instruct the agent to read local files, call external endpoints, access environment variables, or transmit data elsewhere. The 'read_when' list is limited to topical triggers and does not grant broad discretionary data collection.
- Install Mechanism
- okNo install spec and no code files — nothing is written to disk or downloaded at install time. This is the lowest-risk install profile.
- Credentials
- okThe skill requires no environment variables, credentials, or config paths. There are no unexpected secrets requested.
- Persistence & Privilege
- okalways is false and the skill does not request elevated or persistent privileges. It does not modify other skills or agent-wide configuration. Note: agent autonomous invocation is platform default but not combined with other red flags here.