Back to skill
Skillv1.0.0
ClawScan security
Copenhagen · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 19, 2026, 3:25 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is a self-contained, instruction-only informational skill about Copenhagen with no installs, no requested credentials, and no behaviors that exceed the stated purpose.
- Guidance
- This skill appears low-risk and coherent for reading and summarizing Copenhagen-related business and city information. Before installing, consider: (1) the skill source/owner is unknown—if you require provenance, prefer skills with a known publisher; (2) the content is static and may become outdated—verify important facts (market caps, dates, policy goals) against authoritative sources before making decisions; (3) if the maintainer later adds install steps, network calls, or requests credentials, re-evaluate, as those would materially change the security posture.
Review Dimensions
- Purpose & Capability
- okThe name/description (Copenhagen city profile and industry overview) align with the SKILL.md content. The skill does not request unrelated binaries, env vars, or config paths — everything present is proportional to an informational city/industry brief.
- Instruction Scope
- okSKILL.md provides static content and a small 'read_when' list describing when to use it (e.g., queries about Copenhagen, investment analysis). It does not instruct the agent to read local files, environment variables, call external endpoints, transmit data elsewhere, or perform actions outside presenting city/market information.
- Install Mechanism
- okNo install spec and no code files are present. Being instruction-only means nothing is written to disk or executed when installed — lowest-risk install footprint.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths. That matches its informational purpose and is proportionate.
- Persistence & Privilege
- okFlags show always:false and normal user-invocable/autonomous invocation defaults. The skill does not request permanent presence or elevated privileges and does not modify other skills or system settings.