Skill v1.0.0

ClawScan security

Rivian · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 18, 2026, 7:05 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This is a simple, instruction-only informational skill about Rivian that does not request credentials, install software, or perform file/network operations — it appears to do what it says.
Guidance
The skill is an offline/instruction-only summary and does not request any secrets or install code, so it is internally consistent. However, the skill's source and homepage are not provided, so verify any important facts (delivery counts, financing, dates) against reputable sources before acting on them. If you need real-time data (e.g., latest deliveries, earnings, or recalls), prefer official filings, Rivian's site, or trusted news APIs since this skill appears to be a static summary.

Review Dimensions

Purpose & Capability
ok: The name/description (Rivian company/product info) matches the SKILL.md content, which is a static summary of company history, products, and metrics. There are no unrelated requirements (no env vars, binaries, or config paths).
Instruction Scope
ok: SKILL.md contains only factual/summary content and trigger phrases (read_when). It does not instruct the agent to read files, access environment variables, call external endpoints, or exfiltrate data. Scope is limited to providing Rivian information.
Install Mechanism
ok: No install spec and no code files; nothing is written to disk or fetched at install time. This is the lowest-risk pattern for a skill.
Credentials
ok: The skill requests no environment variables, credentials, or config paths. There is no disproportionate access requested for its stated purpose.
Persistence & Privilege
ok: always is false and the skill is user-invocable only; it does not request permanent/system-wide privileges or modify other skills/configuration.