Skillv1.0.0

ClawScan security

Exelixis · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 25, 2026, 5:02 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This is an instruction-only, read-only informational profile about Exelixis (biopharma) that requests no credentials, installs nothing, and is internally consistent with its stated purpose.
Guidance: This skill is informational only and does not request credentials or install software, so it appears safe to add from a system-privilege perspective. However, the skill's source/homepage is unknown and SKILL.md is a static summary — verify any clinical, financial, or regulatory claims against authoritative sources (company filings, peer-reviewed literature, FDA notices) before using the information for decisions, and do not treat it as medical advice.

Purpose & Capability: okThe skill's name and description match the SKILL.md content (company background, timeline, business analysis). It does not request unrelated resources or capabilities. Note: the skill's source/homepage is unknown, which limits verifiability but does not create an internal coherence problem.
Instruction Scope: okSKILL.md contains only static informational content and 'read_when' guidance for when to use it. It does not instruct the agent to read system files, access environment variables, or send data externally.
Install Mechanism: okNo install spec and no code files — instruction-only. There is nothing written to disk or downloaded during install.
Credentials: okThe skill declares no required environment variables, credentials, or config paths; requested privileges are minimal and proportional to an informational skill.
Persistence & Privilege: okalways is false and the skill does not request persistent presence or modify other skills. disable-model-invocation is false (normal); autonomous invocation is allowed by platform default but this skill's read-only nature keeps risk low.