Skill v1.0.0
ClawScan security
Palantir Tech · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 23, 2026, 4:02 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: This skill is an instruction-only, informational briefing about Palantir and does not request credentials, install software, or instruct the agent to access files or networks; its declared behavior matches its content.
- Guidance: This skill is a plain informational brief about Palantir and presents low technical risk because it contains no install steps, code, or credential requests. The main non-technical concern is provenance: the source and homepage are unknown, so verify the content before relying on it for decisions (it may be out-of-date or contain bias). As always, do not provide any secrets or private data when testing third-party skills, and if you require verified or official documentation, prefer direct sources such as Palantir's website, regulatory filings, or reputable news and analysis outlets.
Review Dimensions
- Purpose & Capability: ok. The skill name and description promise an overview/analysis of Palantir; the single SKILL.md file contains a company history, business model, and analysis. There are no unrelated requirements (no env vars, binaries, or installs), so requested capabilities align with the stated purpose.
- Instruction Scope: ok. SKILL.md is purely descriptive and includes metadata ('read_when') indicating when to present the content. It does not instruct the agent to run commands, read system files, access environment variables, or transmit data to external endpoints.
- Install Mechanism: ok. There is no install specification and no code files; this is instruction-only, which minimizes filesystem and execution risk.
- Credentials: ok. The skill requires no environment variables, credentials, or config paths. Nothing requested appears disproportionate to an informational briefing.
- Persistence & Privilege: ok. Skill flags are default (not always:true). It is user-invocable and may be autonomously invoked by the agent per platform defaults, but it does not ask for elevated privileges or cross-skill/system configuration changes.
