Back to skill
Skillv1.0.0
ClawScan security
Omega Brand · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 28, 2026, 10:06 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only knowledge skill about Omega watches that asks for no credentials, installs, or system access and is internally consistent with its stated purpose.
- Guidance
- This skill appears to be a straightforward, read-only knowledge base about Omega watches and is coherent with its description. Before installing, consider: (1) provenance — the source and homepage are unknown, so verify key facts against authoritative sources if accuracy matters; (2) citations — if you need verifiable references (e.g., for publishing or legal use), request or add source citations; and (3) autonomy settings — if you prefer to limit skills that can run without prompting, adjust your agent's autonomous-invocation settings (this skill itself does not request extra privileges or credentials). Overall the skill does not ask for sensitive data or perform risky actions.
Review Dimensions
- Purpose & Capability
- noteThe skill's name and description match the SKILL.md content (a comprehensive Omega/horology knowledge base). Nothing in the metadata or runtime instructions requests unrelated capabilities. One caveat: the skill's source/homepage is unknown, so provenance and authorship are not verifiable even though functionality is coherent.
- Instruction Scope
- okSKILL.md contains topical guidance and reference material for discussing Omega (read_when triggers and encyclopedic content). It does not instruct the agent to read local files, access environment variables, contact external endpoints, or collect/transmit user data beyond normal agent outputs.
- Install Mechanism
- okNo install spec or code files are present (instruction-only). Because nothing is written to disk or downloaded, install risk is minimal.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. There is no disproportionate request for secrets or unrelated service keys.
- Persistence & Privilege
- noteThe skill does not request special persistence (always:false). Autonomous invocation (model-invocation allowed) is the platform default; this is normal and not by itself a risk for this skill, though users who restrict autonomous skills should consider that default behavior.