Skill v1.0.0

ClawScan security

lego-toys · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 30, 2026, 12:05 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill is an instruction-only informational doc about LEGO (history, business, facts) and it does not request credentials, install code, or access system resources — its declared capabilities match its content.
Guidance
This skill is a static informational briefing about LEGO and appears internally consistent and low-risk: it asks for no credentials, installs nothing, and contains no executable instructions. If you prefer provenance, verify the author/source before trusting any factual claims; otherwise it's safe to enable for reading and summarization use. Note: allowing autonomous invocation is normal for skills, but this one does not request extra privileges.

Review Dimensions

Purpose & Capability
ok: Name and description describe an informational LEGO brand briefing, and the SKILL.md content is exactly that (timeline, business model, facts). There are no unrelated requirements or hidden capabilities.
Instruction Scope
ok: The runtime instructions are purely content (what to read/use the doc for). They do not tell the agent to read local files, environment variables, or call external endpoints beyond normal agent behavior.
Install Mechanism
ok: No install spec and no code files are present (instruction-only). Nothing will be downloaded or written to disk by installing this skill.
Credentials
ok: The skill declares no required environment variables, credentials, or config paths — there is no disproportionate access requested.
Persistence & Privilege
ok: always is false (default) and autonomous invocation is allowed (platform default). The skill does not request persistent or elevated privileges and does not modify other skills or system settings.