Back to skill
Skillv1.0.0
ClawScan security
Enbridge Inc · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 25, 2026, 3:07 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is a simple, instruction-only informational card about Enbridge with no installs, no credentials requested, and no actions beyond providing static company facts.
- Guidance
- This skill appears low-risk and coherent: it only provides static information about Enbridge and asks for no credentials or installs. Before relying on its data, verify key facts (financial figures, dates, project status) against authoritative sources because the SKILL.md offers a snapshot and does not cite sources or live data. If you need up-to-date financials or pipeline status, use a data connector or official filings instead.
Review Dimensions
- Purpose & Capability
- okName/description (Enbridge company summary) matches the SKILL.md content (timeline, business model, metrics). Nothing requested or required that is unrelated to an informational/company-reference skill.
- Instruction Scope
- okSKILL.md only contains static content and 'read_when' triggers describing when the skill is useful. It does not instruct the agent to read files, access environment variables, call external endpoints, or exfiltrate data.
- Install Mechanism
- okNo install spec and no code files — instruction-only skill. Nothing is written to disk or downloaded.
- Credentials
- okNo required environment variables, credentials, or config paths are declared or referenced. No disproportionate secret access.
- Persistence & Privilege
- okalways is false and there is no request to persist or modify other skills or system settings. disable-model-invocation is false (normal platform default) but this alone does not add risk in this case.