Back to skill
Skillv1.0.0
ClawScan security
Procter Gamble · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 19, 2026, 7:31 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is a read-only informational skill that provides a P&G company profile and requires no installs, credentials, or special privileges — its declared behavior and requirements are consistent with its description.
- Guidance
- This skill appears safe and coherent for providing a P&G company profile — it does not ask for credentials or install software. However, the source is 'unknown' and the content may become outdated or contain minor factual errors; do not rely on it as sole input for critical investment or legal decisions. If future versions request installs, env vars, or 'always' inclusion, pause and re-evaluate before enabling.
Review Dimensions
- Purpose & Capability
- okName/description (P&G company profile) match the SKILL.md content. The skill declares no binaries, env vars, or config paths that would be unrelated to providing company information.
- Instruction Scope
- okSKILL.md is a static company profile and a small set of 'read_when' triggers for when to use it. It does not instruct the agent to read local files, access environment variables, call external endpoints, or exfiltrate data.
- Install Mechanism
- okNo install spec or code files are present; this is instruction-only so nothing is written to disk or downloaded during install.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths. There is no disproportionate access requested relative to the stated purpose.
- Persistence & Privilege
- okalways is false and the skill is user-invocable; it does not request permanent inclusion or elevated privileges and does not modify other skills or system settings.