Skill v1.0.0
ClawScan security
Byd Company · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 28, 2026, 3:05 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: This is an instruction-only, read-only informational skill about BYD that requests no credentials, performs no installs, and contains no commands — its declared purpose matches its behavior.
- Guidance: This skill appears low-risk: it only supplies static information about BYD and asks for no permissions. If you rely on the data for important decisions, verify facts with trusted sources (the skill has no homepage or source listed and the publisher is anonymous). Because it is user-invocable and has no install or credentials, there is no evident security exposure from enabling it.
Review Dimensions
- Purpose & Capability: ok. The skill's name and description are an informational summary of BYD; the SKILL.md contains only company history, business analysis, and facts. There are no extra permissions, binaries, or credentials requested that would be out of scope for an informational skill.
- Instruction Scope: ok. SKILL.md contains static content and 'read_when' triggers for when to present the information. It does not instruct the agent to run commands, read files, access environment variables, or contact external endpoints.
- Install Mechanism: ok. No install spec and no code files are present; nothing will be written to disk or fetched at install time.
- Credentials: ok. The skill declares no required environment variables, credentials, or config paths. There is no indication of any need for secrets or external service access.
- Persistence & Privilege: ok. 'always' is false and the skill is user-invocable. Autonomous model invocation is permitted by platform default but the skill has no actions that would abuse that — it only supplies content when invoked.
