Back to skill
Skillv1.0.0
ClawScan security
Kirin · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 29, 2026, 3:05 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only informational brief about Kirin Holdings; its content and resource requests are consistent with that stated purpose.
- Guidance
- This skill is a self-contained informational summary about Kirin Holdings and does not request credentials or install software. The main risk is provenance: the source and homepage are unknown, and factual claims (revenues, market shares, acquisitions) should be verified against authoritative sources before using for decisions. If you plan to let an agent act autonomously using this skill, note it contains only static text and cannot access external data or secrets — so it's low-risk, but confirm accuracy independently for critical uses.
Review Dimensions
- Purpose & Capability
- okName and description match the SKILL.md content (company history, business model, timelines). The skill declares no credentials, binaries, or config paths — all appropriate for an informational/summary skill.
- Instruction Scope
- okSKILL.md contains static company analysis and does not instruct the agent to read files, call external endpoints, access environment variables, or perform system actions beyond providing the text. No scope creep detected.
- Install Mechanism
- okNo install specification and no code files are present (instruction-only). This minimizes on-disk execution and is proportionate for a read-only informational skill.
- Credentials
- okNo environment variables, credentials, or config paths are requested. There is no unexplained access to secrets or external services.
- Persistence & Privilege
- okalways is false and the skill does not request special persistence or to modify other skills/configuration. Normal agent-invocation settings apply.