Back to skill
Skillv1.0.0
ClawScan security
Carlyle · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 28, 2026, 5:11 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only informational brief about the Carlyle Group; it requires no credentials, installs, or system access and its declared purpose matches its content.
- Guidance
- This skill is an informational summary about the Carlyle Group and is internally consistent with that purpose. It doesn't request credentials or install code, so it poses minimal platform risk. Consider: (1) content may be stale or incomplete — verify facts against reliable sources (official filings, reputable news, company site); (2) the skill's provenance is unknown (no homepage/author) — if you need authoritative analysis or commercial use, prefer sources with citations; (3) although benign, any autonomous agent behavior is platform-default — if you want to limit automatic invocation, consider disabling model invocation for the agent or reviewing invocation rules.
Review Dimensions
- Purpose & Capability
- okName and description (insights on Carlyle Group) align with the SKILL.md content. The skill requests no binaries, env vars, or other capabilities that would be unrelated to a research/summary skill.
- Instruction Scope
- okSKILL.md contains static informational text and a small 'read_when' trigger list. It does not instruct the agent to read files, access environment variables, call external endpoints, or perform system operations beyond providing text.
- Install Mechanism
- okNo install spec and no code files — nothing is written to disk or installed. This is the lowest-risk delivery model.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths; there is no disproportionate or unexplained secret access.
- Persistence & Privilege
- okalways is false (default) and autonomous invocation is allowed (platform default). The skill does not request persistent or elevated privileges or attempt to modify other skills or system settings.