Skill v1.0.0

ClawScan security

Disney Entertainment · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Apr 30, 2026, 12:03 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This is an information-only skill about Disney with no installs, no credentials requested, and instructions limited to presenting research content — its requirements and behavior match its description.
Guidance
This skill is essentially a static reference about Disney and appears coherent and low-risk. Before installing, consider whether you trust the publisher (source is listed as unknown) and whether you need third-party provenance or versioning for content accuracy. Because it requests no credentials or installs, the main remaining concerns are content accuracy and intellectual-property nuance (e.g., discussing copyrighted characters). If you plan to allow autonomous invocation of skills broadly, note that this skill itself does not request extra privileges; still apply your usual policy for enabling third-party skills from unknown authors.

Review Dimensions

Purpose & Capability
ok
Name/description claim an informational reference about Disney; the skill is instruction-only and provides historical, strategic, and business analysis content. There are no extra permissions, env vars, or binaries requested that would be unrelated to that purpose.
Instruction Scope
ok
SKILL.md contains only static informational text and 'read_when' use-cases for when to present the content. It does not instruct the agent to read files, access environment variables, call external endpoints, or collect/transmit user data.
Install Mechanism
ok
No install spec and no code files; nothing will be written to disk or fetched during installation. This is the lowest-risk model for skills.
Credentials
ok
The skill requests no environment variables, credentials, or config paths. That is proportionate for a read-only informational/reference skill.
Persistence & Privilege
ok
always is false, user-invocable is true, and model invocation is allowed (the platform default). There is no request for permanent presence or modification of agent/system configuration beyond normal invocation.