Back to skill
Skillv1.0.0
ClawScan security
Hca Healthcare · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 26, 2026, 10:07 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only informational skill about HCA Healthcare; it requests no credentials, performs no installs, and its content is consistent with its stated purpose.
- Guidance
- The skill appears low-risk and internally consistent because it's an instruction-only informational brief with no installs or credential requests. Before using it in decisions, verify factual claims against primary sources (SEC filings, HCA investor pages) because provenance (no homepage/source listed) is unknown. Do not feed any private patient data or credentials to the skill; treat it as a static company summary, not authoritative legal/medical advice.
Review Dimensions
- Purpose & Capability
- okName, description, and SKILL.md all describe an informational briefing on HCA Healthcare; there are no extra binaries, env vars, or installs requested that would be unrelated to that purpose. The lack of homepage/source is a provenance note but not an incoherence.
- Instruction Scope
- okSKILL.md contains static summary text, facts, and a 'read_when' trigger for when the agent should consult it; it does not instruct the agent to read local files, access environment variables, call external endpoints, or exfiltrate data.
- Install Mechanism
- okNo install spec and no code files — lowest-risk instruction-only skill. Nothing will be written to disk or downloaded by an installer.
- Credentials
- okNo environment variables, credentials, or config paths are requested; the requested privileges are proportionate to an informational skill.
- Persistence & Privilege
- okalways is false and the skill is user-invocable; it does not request permanent or elevated platform privileges.