Skillv1.0.0

ClawScan security

Ericsson · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 19, 2026, 8:49 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This is an instruction-only skill that provides a static company profile of Ericsson; it requests no credentials, installs nothing, and its instructions are limited to presenting information—so its declared behavior matches its requirements.
Guidance: This skill is a static informational profile about Ericsson and appears internally consistent and low-risk. Note that the source/homepage are not provided and content may be out of date or unsourced — verify any financial or technical claims against primary sources (company filings, official Ericsson site, or trusted market reports) before using the information for investment or operational decisions.

Purpose & Capability: okName and description promise a company profile and market analysis; the skill contains only a SKILL.md with historical, business and metric text. There are no unexpected env vars, binaries, or install steps that would be unrelated to an informational/company-profile skill.
Instruction Scope: okThe SKILL.md is static content and a small 'read_when' usage guide in Chinese (when to consult the skill). It does not instruct the agent to run shell commands, read local files, access environment variables, or send data to external endpoints beyond normal agent behavior.
Install Mechanism: okNo install specification and no code files — the skill is instruction-only, so nothing will be written to disk or executed during install.
Credentials: okThe skill declares no required environment variables, credentials, or config paths. There is no disproportionate request for secrets or external credentials.
Persistence & Privilege: okalways is false and the skill is user-invocable. disable-model-invocation is false (the default), which is normal; there is no indication the skill attempts to persistently modify agent/system configuration or other skills.