Back to skill
Skillv1.0.0
ClawScan security
Cointreau · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 28, 2026, 9:03 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only, informational skill about the Cointreau liqueur that requests no credentials, performs no installs, and its behavior matches its description.
- Guidance
- This skill appears to be a simple, read-only reference about the Cointreau liqueur and is internally consistent with that purpose. Before installing, consider: (1) the source and owner are unknown and there is no homepage — if provenance matters to you, prefer skills from verified/published sources; (2) the content is likely public-domain or marketing material, but verify licensing if you plan to redistribute it; (3) because it requests no credentials and performs no installs, it poses minimal technical risk; and (4) as with any informational skill, check the content for accuracy or brand/trademark issues if you will rely on it for commercial or legal purposes.
Review Dimensions
- Purpose & Capability
- okThe skill name and description match the SKILL.md content (a reference/history/recipe/marketing-style writeup about Cointreau). There are no unrelated resource requests or capabilities declared.
- Instruction Scope
- okSKILL.md is purely informational and provides 'read_when' guidance for when to use the skill. It does not instruct the agent to read local files, access environment variables, call external endpoints, or exfiltrate data.
- Install Mechanism
- okNo install spec and no code files are present (instruction-only). This minimizes risk because nothing is written to disk or executed by the installer.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths — consistent with its informational purpose.
- Persistence & Privilege
- okThe skill is not forced-always (always:false), is user-invocable, and allows model invocation (the platform default). There is no indication it requests elevated or persistent system privileges.