Back to skill
Skillv1.0.0
ClawScan security
Napa · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 19, 2026, 6:43 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only, informational skill that provides a company/market overview of NAPA Auto Parts and requests no credentials, binaries, or installs — its declared behavior matches its content.
- Guidance
- This skill appears to be a read-only informational summary about NAPA Auto Parts and poses minimal risk as it requests nothing and has no install step. The only minor caution is that the skill's source and homepage are unknown — while that is not dangerous here (no code/credentials), if you need transactional features (ordering, account access) prefer official integrations and do not supply credentials unless the skill explicitly requires and documents them. If you want stronger assurance, ask the publisher for a homepage or source repository before installing.
Review Dimensions
- Purpose & Capability
- okName and description claim an informational summary of NAPA; the SKILL.md contains only corporate history, business analysis, and metrics. There are no requested env vars, binaries, or other capabilities that would be unrelated to an informational skill.
- Instruction Scope
- okThe SKILL.md is purely descriptive and the read_when hints are limited to user queries about NAPA or the aftermarket retail sector. It does not instruct the agent to read system files, access environment variables, call external endpoints, or transmit user data.
- Install Mechanism
- okNo install spec and no code files are present. As an instruction-only skill, nothing is written to disk and there is no installation-related risk.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. There is no disproportionate request for secrets or unrelated access.
- Persistence & Privilege
- okalways is false (default), user-invocable is true, and model invocation is allowed (default). This is normal for skills; combined with the lack of install/code/credentials, there is no elevated persistence or privilege concern.