Back to skill
Skillv1.0.0
ClawScan security
Carlsberg · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 23, 2026, 5:06 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is a read-only, instruction-only skill that provides background on Carlsberg and requests no binaries, credentials, installs, or system access — its declared purpose matches what it does.
- Guidance
- This skill is an instruction-only informational brief and appears safe to install: it asks for no credentials, runs no installs, and contains only static content. Before relying on specific figures (revenue, ownership percentages, dates), verify against authoritative sources because the SKILL.md may be simplified or out of date. If you later add features that fetch live data or integrate services, re-evaluate permissions and required credentials at that time.
Review Dimensions
- Purpose & Capability
- okName and description match the SKILL.md content: a factual/historical briefing about Carlsberg. There are no unrelated requirements (no env vars, binaries, or config paths).
- Instruction Scope
- okSKILL.md contains static content (summary, timeline, business analysis) and a 'read_when' hint for context. It does not instruct the agent to read files, access credentials, call external endpoints, or perform system actions.
- Install Mechanism
- okNo install specification; instruction-only skills write nothing to disk and have minimal risk.
- Credentials
- okThe skill requires no environment variables, credentials, or config paths. No sensitive access is requested or implied.
- Persistence & Privilege
- okalways is false and the skill does not request persistent or elevated privileges; autonomous invocation is allowed by default but presents no additional risk given the skill's read-only nature.