Back to skill
Skillv1.0.0
ClawScan security
mastercard-payments · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 30, 2026, 12:06 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only, informational skill that summarizes Mastercard's history and business — it requests no credentials, does no installs, and its instructions stay within that scope.
- Guidance
- This skill is an informational, instruction-only summary about Mastercard and appears internally consistent. It asks for no credentials and installs nothing, so technical risk is low. However, the skill's source/homepage are not provided — if provenance or trust of the publisher matters to you, consider reviewing the SKILL.md yourself before enabling the skill for autonomous agent use. If you plan to feed sensitive or account-specific data to the agent, remember that this skill does not need any secrets and adding unrelated credentials would be unnecessary; avoid granting broad secrets to skills unless required and trusted.
Review Dimensions
- Purpose & Capability
- okThe name/description promise (Mastercard history/analysis) matches the SKILL.md content. The skill does not request unrelated binaries, env vars, or config paths.
- Instruction Scope
- okSKILL.md contains only research/summary instructions and a 'read_when' guide for when the content is relevant; it does not instruct the agent to read local files, exfiltrate data, run commands, or call external endpoints.
- Install Mechanism
- okThere is no install spec and no code files — lowest-risk, nothing is written to disk or executed by the platform.
- Credentials
- okNo environment variables, credentials, or config paths are required. The content is purely descriptive and does not justify any secret access.
- Persistence & Privilege
- okFlags are default (not always). The skill does not request permanent/system-level privileges or attempt to modify other skills or agent configs.