Back to skill
Skillv1.0.0
ClawScan security
Eth Zurich · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 19, 2026, 2:21 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only, informational skill that provides a profile of ETH Zurich; its content, requirements, and runtime instructions are consistent with that purpose and do not request extra permissions or perform unexpected actions.
- Guidance
- This skill is a static informational profile about ETH Zurich and appears internally consistent. Before relying on it for decisions (e.g., investment or academic comparisons), verify key facts and figures against authoritative sources (ETH Zurich website, QS rankings, official reports). Because it contains no code or external install steps, it does not request access to your system or secrets — the main risk is factual accuracy and staleness, not security. If you need up-to-date or primary-source data, cross-check rather than relying solely on this skill.
Review Dimensions
- Purpose & Capability
- okThe skill name/description match the SKILL.md content (an informational profile about ETH Zurich). There are no declared env vars, binaries, or config paths that would be unrelated to an informational reference.
- Instruction Scope
- okSKILL.md contains static, topical content and a small 'read_when' list describing contexts for use (e.g., company info, investment analysis). It does not instruct the agent to read system files, access credentials, call external endpoints, or transmit data outside the agent.
- Install Mechanism
- okNo install spec or code files are present; this is instruction-only, so nothing is written to disk or downloaded during install.
- Credentials
- okThe skill declares no environment variables, credentials, or config paths. No sensitive or unrelated secrets are requested.
- Persistence & Privilege
- okFlags are default (always: false, user-invocable: true, model invocation allowed). Autonomous invocation is permitted but not combined with elevated privileges or broad credential access, so this is proportionate.