Back to skill
Skillv1.0.0
ClawScan security
Florence · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 25, 2026, 5:03 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This instruction-only skill is a static informational summary about Florence and does not request credentials, install software, or instruct the agent to access files or external systems—its declared purpose matches its contents.
- Guidance
- This skill is a static, read-only knowledge card about Florence and appears internally consistent and low-risk. Note the source/homepage is unknown, so content may be unsourced or become outdated—treat factual claims (visitor numbers, dates, brands) as unverified and cross-check if you need authoritative data. If a future version adds an install step, required credentials, or instructions to access local files or external endpoints, stop and reassess before approving.
Review Dimensions
- Purpose & Capability
- okThe name and description (Florence / Firenze tourism, art, history) match the SKILL.md content. The skill requests no binaries, env vars, or config paths, which is proportionate for a read-only informational skill.
- Instruction Scope
- okSKILL.md contains a timeline, economic and cultural notes, and a 'read_when' guidance list. It does not instruct the agent to read local files, environment variables, or transmit data to external endpoints. There is no scope creep.
- Install Mechanism
- okNo install spec and no code files are present. Because it's instruction-only, nothing is written to disk or executed, which is expected and low risk.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths. There is no disproportionate secret or system access.
- Persistence & Privilege
- okalways is false and model invocation is not disabled (default). This is normal for a skill of this type and does not pose additional privilege concerns.