v1.0.0

Grab Holdings

BenignClawScan verdict for this skill. Analyzed May 2, 2026, 9:04 PM.

Analysis

This appears to be a static informational skill about Grab Holdings, with no code, install steps, credential requirements, or account actions.

GuidanceThis skill looks safe as a static reference about Grab Holdings. Before installing, note that the capability signals mention wallet, purchase, crypto, and sensitive credential access even though the skill does not appear to need them; do not grant those permissions for this skill without a clear explanation from the publisher.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityLowConfidenceMediumStatusNote

metadata

Capability signals: crypto; requires-wallet; can-make-purchases; requires-sensitive-credentials

These signals imply sensitive wallet, purchase, or credential-related authority, but the skill is otherwise an instruction-only company profile with no declared credentials, binaries, install spec, or code.

User impactA user should not need to provide wallet access, payment authority, or sensitive credentials to use a read-only business-information skill.

RecommendationUse this only as a read-only informational skill; do not grant wallet, purchase, or credential access unless the publisher clearly explains why it is needed.