Back to skill
Skillv1.0.0
ClawScan security
Celgene · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 28, 2026, 6:05 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only, educational skill about Celgene's corporate history and products; it requests no credentials, makes no installs, and its instructions stay within that scope.
- Guidance
- This skill appears to be an informational/educational skill and is internally consistent with that purpose. It requests no credentials, performs no installs, and its instructions are limited to presenting company history and analysis. If you require provenance, note the skill's source/homepage are not provided (owner ID only); if that matters for trust, ask the publisher for a homepage or source repository before installing. Otherwise it is low-risk to enable for human-invoked use.
Review Dimensions
- Purpose & Capability
- okName and description match the content of SKILL.md (a corporate/industry case study). There are no unexpected binaries, env vars, or config paths requested.
- Instruction Scope
- okSKILL.md contains only background, timeline, analysis, and usage contexts (read_when). It does not instruct the agent to read unrelated files, call external endpoints, or collect secrets.
- Install Mechanism
- okNo install spec and no code files — nothing is written to disk or fetched during install. This is the lowest-risk pattern.
- Credentials
- okThe skill declares no required environment variables or credentials; nothing disproportionate is requested.
- Persistence & Privilege
- okalways is false and the skill is user-invocable. It does not request persistent/privileged presence or system configuration changes.