Back to skill
Skillv1.0.0
ClawScan security
Mckesson · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 26, 2026, 11:08 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is a static, instruction-only informational skill about the company McKesson; it requests no credentials, performs no installs, and its behavior matches its description.
- Guidance
- This skill is an informational/company-profile document and appears safe from a security/permission perspective: it asks for no secrets, installs nothing, and does not direct the agent to access files or networks. Consider that the source is listed as 'unknown' and there is no homepage — verify factual accuracy and recency before relying on this content for decisions. If you need provenance or up-to-date financials, consult official filings or trusted financial data providers.
Review Dimensions
- Purpose & Capability
- okThe name and description are a company/company-profile summary and the SKILL.md contains only explanatory content about McKesson; nothing in the package requests unrelated capabilities or credentials.
- Instruction Scope
- okSKILL.md is a self-contained article and a short 'read_when' guideline. It does not instruct the agent to read local files, access environment variables, call external endpoints, or collect/transmit user data.
- Install Mechanism
- okNo install spec or code files are present (instruction-only). Nothing will be downloaded or written to disk by an installer.
- Credentials
- okNo environment variables, credentials, or config paths are requested; the requirements are proportional (none) to the stated informational purpose.
- Persistence & Privilege
- okalways is false and model invocation is allowed (the platform default). Because the skill is read-only content with no external actions or secrets, autonomous invocation carries minimal security risk.