Skillv1.0.0

ClawScan security

Hormel Foods · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 26, 2026, 1:05 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This is an instruction-only, informational skill about Hormel Foods with no installs, no credential requests, and no out-of-scope actions — it is internally consistent with its stated purpose.
Guidance: This skill is low risk: it's just a static informational guide about Hormel Foods in Chinese and has no installs or credential access. Before installing, consider whether you trust the (unknown) publisher for content accuracy; if you need verified facts for critical use, cross-check with reliable sources. Because it can be invoked by the model (the platform default), be aware the agent may use this content autonomously when asked about Hormel Foods, but there are no secret-exfiltration or system-level risks in the skill itself.

Purpose & Capability: okThe name and description promise a historical and business overview of Hormel Foods; the SKILL.md contains exactly that content and does not request unrelated capabilities, binaries, or credentials.
Instruction Scope: okThe SKILL.md is purely expository (timeline, business model, facts). It does not instruct the agent to read files, access system paths, call external endpoints, or collect credentials; the read_when list is advisory and appropriate for an informational skill.
Install Mechanism: okNo install spec and no code files are present (instruction-only), so nothing is written to disk or downloaded at install time.
Credentials: okThe skill declares no required environment variables, credentials, or config paths — nothing disproportionate is requested for an informational content skill.
Persistence & Privilege: okalways is false and model invocation is allowed (the platform default). The skill does not request persistent system presence or modify other skills; its privileges are appropriate for its purpose.