Back to skill
Skillv1.0.0
ClawScan security
J M Smucker · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 27, 2026, 6:05 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is a simple, instruction-only informational skill about The J.M. Smucker Company; it requests no credentials, installs nothing, and its contents match its stated purpose.
- Guidance
- This skill is an informational summary and appears safe: it doesn't ask for secrets, install software, or perform I/O. One non-security note: the skill's source/homepage is unspecified, so verify facts against official or primary sources if you need authoritative or up-to-date data. If you require dynamic or real-time financial/operational data, prefer an official API or the company's filings rather than this static summary.
Review Dimensions
- Purpose & Capability
- okThe skill name and description match the included SKILL.md content (company history, business model, facts). There are no extra binaries, env vars, or unrelated requirements.
- Instruction Scope
- okThe SKILL.md contains only static informational text and 'read_when' contexts for when to use the content. It does not instruct the agent to read files, access environment variables, run commands, or call external endpoints.
- Install Mechanism
- okNo install spec and no code files are present; this is instruction-only so nothing is written to disk or downloaded during install.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths — this is proportional and expected for a read-only informational skill.
- Persistence & Privilege
- okFlags show no elevated persistence (always:false) and autonomous invocation is allowed by default on the platform; nothing in the skill requests additional privileges.