Skill v1.0.0

ClawScan security

Jpmorgan Chase Alt · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 24, 2026, 6:11 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This instruction-only skill is a static, prose-based briefing about JPMorgan Chase with no installs, credentials, or system access requested, and its declared capabilities line up with what it actually contains.
Guidance
This skill appears to be a harmless, static briefing about JPMorgan Chase. Before installing: (1) note the publisher/source is unknown and there are no citations — verify any facts against reliable sources if you will rely on them for important decisions; (2) the skill requests no credentials or system access, so it won't exfiltrate secrets, but avoid providing sensitive personal or company data when invoking it; (3) consider asking the skill (or its author) for source citations or references if you need verifiable data or up-to-date figures.

Review Dimensions

Purpose & Capability
ok: The name and description promise a historical and analytical briefing on JPMorgan Chase; the skill is instruction-only and contains exactly that content with no extraneous requirements (no env vars, binaries, or config paths).
Instruction Scope
ok: The SKILL.md is a self-contained historical/analytical document and the 'read_when' triggers describe contexts where the content is relevant; it does not instruct the agent to read unrelated files, access environment variables, or transmit data externally.
Install Mechanism
ok: There is no install spec and no code files — the skill is instruction-only, so nothing is downloaded or written to disk. Note: source and homepage are unknown, but that only affects provenance, not technical behavior.
Credentials
ok: The skill declares no required environment variables or credentials, which is proportionate to a read-only analytical briefing.
Persistence & Privilege
ok: 'always' is false (default) and the skill does not request elevated or persistent privileges or modify other skills' configs; autonomous invocation is allowed by platform default and is not, by itself, a concern here.