Back to skill
Skillv1.0.0
ClawScan security
Novo Nordisk · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 29, 2026, 10:07 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only, informational skill about Novo Nordisk with no code, no installs, and no requested secrets or system access — its contents are coherent with its stated purpose.
- Guidance
- This skill is low-risk from a security perspective because it is instruction-only and requests no credentials or installs. The main concerns are content accuracy and provenance: the skill's source is 'unknown' and no homepage or citations are provided, so verify market numbers, dates, and claims against reliable sources before using this information for decisions. If you require auditable sourcing or up-to-date financial figures, prefer skills or data sources that cite primary references (regulatory filings, company reports, reputable news) or add your own verification step.
Review Dimensions
- Purpose & Capability
- okThe name/description (company profile of Novo Nordisk) matches the SKILL.md contents — historical timeline, business model, market data and analysis. There are no unrelated requirements (no binaries, env vars, or config paths) that would contradict the stated purpose.
- Instruction Scope
- okSKILL.md is purely informational guidance for researching Novo Nordisk (history, market, products). It does not instruct the agent to read files, access credentials, call external endpoints, or perform actions outside the scope of providing informational content.
- Install Mechanism
- okNo install specification and no code files are present, so nothing will be written to disk or installed. This is the lowest-risk pattern for a skill that only provides prose guidance.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. There is no request for secrets or access to unrelated systems, which is appropriate for an informational/company-profile skill.
- Persistence & Privilege
- okalways is false and the skill does not request persistent or elevated privileges. Autonomous invocation is allowed (platform default) but, given the skill's harmless scope, this does not increase risk.