Skill v1.0.0
ClawScan security
Mckinsey · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 22, 2026, 11:06 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: This is an information-only skill about McKinsey; its contents, requested resources, and behavior are consistent with an informational reference and do not ask for credentials or install code.
- Guidance: This skill is an informational profile about McKinsey and appears coherent and low-risk: it does not request credentials or install code. Two practical checks before installing: 1) confirm the skill's origin (owner ID is present but homepage/source are unknown) if provenance matters to you; 2) clarify the 'trigger: always_on' line in SKILL.md versus the registry's always: false if you want to be certain it won't be auto-invoked in contexts you don't expect. Otherwise it is safe to add as a reference-only skill.
Review Dimensions
- Purpose & Capability (ok): Name and description describe a firm profile/knowledge article. The skill requests no binaries, environment variables, or installs — this is proportionate for a read-only informational skill.
- Instruction Scope (note): SKILL.md is purely authored content (history, business model, facts) and does not instruct the agent to read files, call external endpoints, or access credentials. One inconsistency: the SKILL.md includes a top-line 'trigger: always_on' directive suggesting it should always be used, but the registry metadata lists always: false. That mismatch should be clarified (the content itself is otherwise benign).
- Install Mechanism (ok): No install spec and no code files — lowest-risk instruction-only skill. Nothing is written to disk or fetched at install time.
- Credentials (ok): The skill declares no required environment variables, credentials, or config paths, which aligns with its informational purpose.
- Persistence & Privilege (note): Registry flags show always: false (normal), but SKILL.md's 'trigger: always_on' suggests the author expects the content to be always available. This is an authoring inconsistency rather than an immediate privilege escalation; confirm how the platform will interpret that trigger if you care about automatic invocation.
