Skillv1.0.0

ClawScan security

Intuit Financial · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 30, 2026, 12:03 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This is a read-only, instruction-only skill that provides a company/market overview of Intuit and does not request credentials, install code, or perform actions outside its stated purpose.
Guidance: This skill is a static knowledge/information skill and appears internally consistent and low-risk: it asks for nothing and provides background on Intuit. Before relying on any numeric claims (revenues, user counts, dates), verify them against primary sources because the SKILL.md content may be out of date or contain inaccuracies. Also be cautious if a future version adds install steps, environment variables, or outbound network calls — those would warrant a fresh review.

Purpose & Capability: okThe skill name, description, and SKILL.md all describe an Intuit/company-market overview and analysis. There are no unrelated requirements (no env vars, binaries, or installs) that would be disproportionate to this purpose.
Instruction Scope: okThe runtime instructions (read_when list and content) are limited to research and analysis topics (tax tech market, pricing, IRS policy, AI impact, competitor comparison). They do not instruct the agent to read local files, access credentials, call external endpoints, or transmit data.
Install Mechanism: okThis is an instruction-only skill with no install spec and no code files, so nothing is downloaded or written to disk.
Credentials: okThe skill declares no required environment variables, credentials, or config paths. There are no requests for secrets or unrelated service tokens.
Persistence & Privilege: okalways is false (no forced inclusion). disable-model-invocation is false (normal), meaning the agent may call it when appropriate, which is expected for a content/knowledge skill.