Back to skill
Skillv1.0.0
ClawScan security
Christie's · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 29, 2026, 9:11 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is a read-only, informational skill about Christie's auction house; it requests no credentials, installs nothing, and its instructions are limited to serving as a reference, so its declared behavior matches its runtime footprint.
- Guidance
- This skill is an informational reference about Christie's and appears internally consistent: it asks for nothing and only contains static content. Before installing, consider that the source is listed as 'unknown' — if you need authoritative or up-to-date facts (sales numbers, ownership, or recent events), verify against Christie's official site or reputable news sources. Because it requests no credentials and has no install step, the direct security risk is low, but treat the content as reference-only rather than definitive legal/financial advice.
Review Dimensions
- Purpose & Capability
- okThe skill name and description match the SKILL.md content (an institutional overview and reference material about Christie's). It does not request unrelated permissions, binaries, or secrets — the requested capabilities are proportionate to an informational/reference skill.
- Instruction Scope
- okSKILL.md contains static reference text and 'read_when' triggers indicating when to surface the content. There are no commands, external endpoints, file paths, or environment variables referenced in the instructions. The scope is constrained to providing background and analysis on auctions, Christie's vs Sotheby's, and digital art auctions.
- Install Mechanism
- okNo install specification and no code files are present (instruction-only). This minimal footprint means nothing is downloaded or written to disk by an install step.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. There is no disproportionate request for secrets or access beyond what an informational skill needs.
- Persistence & Privilege
- okalways is false (not forced into every agent run). disable-model-invocation is false (normal — the agent may call it autonomously), which combined with the skill's read-only nature poses no elevated persistence or privilege concerns. The skill does not claim to modify other skills or system settings.