Back to skill
Skillv1.0.0
ClawScan security
Illumina · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 25, 2026, 5:03 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only, informational skill about Illumina that requests no credentials, binaries, or installs and is internally consistent with its stated purpose.
- Guidance
- This skill is essentially a read-only summary about Illumina and appears safe from a permissions and installation standpoint. It does not perform actions or request secrets. Two practical notes before installing: (1) provenance is unknown (no homepage or source URL), so verify any facts against trusted sources if you need authoritative data; (2) if you expect interactive functionality (API calls, data lookups, or actions), this skill does not provide them—it's purely informational. If you prefer not to allow even autonomous invocation, keep it user-invocable only or disable model invocation for the skill.
Review Dimensions
- Purpose & Capability
- okThe skill name and description match the SKILL.md content (a company/history/business summary). It declares no binaries, env vars, or config paths that would be inconsistent with an informational summary.
- Instruction Scope
- okSKILL.md is purely descriptive (history, business model, facts) with 'read_when' guidance for when to consult it. It does not instruct the agent to run shell commands, access files, call external endpoints, or read environment variables.
- Install Mechanism
- okNo install specification or code files are present (instruction-only), which is the lowest-risk model for a skills system—nothing will be written to disk or executed on install.
- Credentials
- okThe skill requires no environment variables, credentials, or config paths. There is no disproportionate request for secrets or unrelated service tokens.
- Persistence & Privilege
- okalways is false and the skill is user-invocable. model invocation is not disabled (the default) which is normal; there are no indications the skill attempts to modify other skills or persist credentials.