Back to skill
Skillv1.0.0
ClawScan security
Jpmorgan Bank · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 30, 2026, 12:03 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only informational skill about JPMorgan Chase; it contains no code, does not request credentials or system access, and is consistent with its stated purpose.
- Guidance
- This skill is informational only and appears low-risk: it contains a compiled summary of JPMorgan Chase history and analysis, with no code, installs, or credential requests. Consider that the source is unknown and the content may be outdated or contain errors—do not rely on it for transactional or legal decisions. If future versions add network calls, environment variables, or install steps, re-evaluate before enabling. Otherwise it is safe to use for reading and summarization purposes.
Review Dimensions
- Purpose & Capability
- okThe skill name and description match the SKILL.md content (historical timeline, business model, metrics, analysis). It does not request unrelated capabilities or credentials.
- Instruction Scope
- okSKILL.md is purely content/notes for the agent to read/use. It contains no runtime commands, file reads, or directives to access system state or external endpoints beyond the informational text.
- Install Mechanism
- okNo install specification or code files are present; this is instruction-only so nothing will be written to disk or installed.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths; no secrets or external-service access are requested.
- Persistence & Privilege
- okalways is false and the skill does not request persistent/system-wide changes or modify other skills. It is user-invocable and may be called by the agent (normal behavior) but has no elevated privileges.