Back to skill
Skillv1.0.0
ClawScan security
Campari · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 29, 2026, 1:06 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only, read-only informational skill about the Campari brand and aperitivo culture that requests no permissions or installs and is internally consistent with its description.
- Guidance
- This skill is a harmless, read-only informational document about Campari and does not request any credentials or install software. The source and homepage are unknown — if provenance matters to you, prefer skills from a known publisher or with a homepage. Because it can be invoked autonomously by agents (the platform default), consider whether you want the agent to access any third‑party skills automatically, but there are no other security concerns specific to this skill.
Review Dimensions
- Purpose & Capability
- okThe name and description (Campari brand/history/business) match the SKILL.md content. The skill does not request unrelated binaries, env vars, or access that would be inconsistent with providing informational content about a beverage brand.
- Instruction Scope
- okSKILL.md contains static, topical content (history, commercial analysis, facts). It does not instruct the agent to run commands, read files, access credentials, or transmit data to external endpoints. Scope stays within the stated purpose.
- Install Mechanism
- okNo install spec and no code files are provided; the skill is instruction-only, which minimizes filesystem and execution risk.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. That is proportional for an informational/reference skill.
- Persistence & Privilege
- okSkill is not marked always:true and uses default invocation settings. It does not request persistent system privileges or modify other skills' configuration.