Back to skill
Skillv1.0.0
ClawScan security
Northrop Grumman · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 16, 2026, 5:37 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only skill that provides high-level company information about Northrop Grumman and requests no credentials, installs, or system access—its declared purpose matches its actual footprint.
- Guidance
- This skill is low-risk: it only contains instructions for producing company overview text and asks for no credentials or installs. Before installing, be aware that responses will come from the model’s knowledge (and may be out of date or hallucinated); for critical or current facts verify against official sources (e.g., Northrop Grumman’s website or recent filings). If you require live or authoritative data, prefer a skill that declares a reputable data source or API access.
Review Dimensions
- Purpose & Capability
- okThe name and description promise company background, market and competitor info; the skill requires no extra resources and contains only guidance for presenting that information, which is coherent.
- Instruction Scope
- okSKILL.md only defines when to read and the kinds of content to produce (history, business overview, market distribution, competitors). It does not instruct reading files, env vars, or contacting external endpoints.
- Install Mechanism
- okNo install specification or code is included; the skill is instruction-only so nothing is written to disk or fetched at install time.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths—no disproportionate access is requested.
- Persistence & Privilege
- okalways is false and the skill does not request persistent or elevated privileges; autonomous invocation is allowed by platform default but presents no extra risk here.