Back to skill
Skillv1.0.0
ClawScan security
Canonical · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 23, 2026, 5:06 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only, informational skill about Canonical/Ubuntu; its stated purpose matches the content and it requests no credentials, installs, or system access.
- Guidance
- This skill is informational and appears coherent with its description. Before installing, consider: (1) the content may be static or out of date—verify important facts from authoritative sources; (2) because it is an instruction-only skill, it does not request credentials or install software and poses minimal technical risk; (3) if you allow autonomous agent invocation, the agent could use the skill to generate outputs, but the skill itself does not access your system or secrets.
Review Dimensions
- Purpose & Capability
- okThe skill name and description describe Canonical/Ubuntu and the SKILL.md is an informational overview that matches that purpose. There are no unrelated required binaries, env vars, or config paths.
- Instruction Scope
- okSKILL.md contains only descriptive content and a short 'read_when' list (research topics). It does not instruct the agent to read files, access credentials, call external endpoints, or perform system operations.
- Install Mechanism
- okNo install spec and no code files — instruction-only skills write nothing to disk and carry minimal risk.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths; there is nothing disproportionate to the stated informational purpose.
- Persistence & Privilege
- okalways is false and there is no request for elevated or persistent system presence. Note: disable-model-invocation is false (the platform default), so the agent could invoke the skill autonomously, but that is expected and not a concern here given the skill's read-only informational nature.