Back to skill
Skillv1.0.0
ClawScan security
Mg · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 16, 2026, 8:02 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only helper that asks the agent to provide structured background and market information about an entity called “mg”; its declared requirements and instructions are internally consistent and proportionate.
- Guidance
- This skill is internally consistent and does not request secrets or installs, so it poses low security risk. Before relying on it for decisions: (1) confirm which ‘mg’ entity you mean (the name is generic and ambiguous), (2) verify any facts returned against official sources because the SKILL.md does not require citations or specify data sources, and (3) test the skill with sample queries to check accuracy and whether it attempts to obtain external credentials or perform unexpected actions. If you need authoritative, auditable information, prefer skills that include explicit source/citation behavior or use verified APIs.
Review Dimensions
- Purpose & Capability
- okThe name and description (deliver structured information about mg) match the SKILL.md content. There are no unexpected environment variables, binaries, or install steps required.
- Instruction Scope
- noteSKILL.md simply defines the categories of information to return (founding, products, market position, updates) and triggers for use. It does not instruct the agent to read local files, access unrelated services, or require secrets. It is somewhat vague about data sources (e.g., whether to use web searches, databases, or cached knowledge), which affects accuracy but not coherence.
- Install Mechanism
- okNo install specification or code files are provided (instruction-only), which is the lowest-risk model — nothing will be written to disk or installed by the skill itself.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths; this is proportionate for a read-only informational helper.
- Persistence & Privilege
- okThe skill does not request always: true and uses default invocation settings. Allowing the agent to invoke the skill autonomously is normal and expected for skills of this type.