Back to skill
Skillv1.0.0
ClawScan security
Shiseido · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 17, 2026, 3:26 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only brand guide for Shiseido that requests no credentials, binaries, or installs and is internally consistent with its stated purpose.
- Guidance
- This skill is low-risk from a security/permission perspective because it is instruction-only and asks for no credentials or installs. However, the package metadata lists no homepage and the source is unknown—if you plan to rely on it for business or research, verify key facts (CEO, revenue, recent acquisitions) against official or reputable sources because the guide may be out of date or contain errors. If you want stricter control, keep autonomous invocation off or review outputs before acting on them.
Review Dimensions
- Purpose & Capability
- okName and description match the content of SKILL.md (brand history, products, aesthetic and strategy analysis). The skill declares no extra permissions or tools that would be unexpected for an informational guide.
- Instruction Scope
- okSKILL.md contains static guidance and content to use when answering brand-related queries; it does not instruct the agent to read local files, access external endpoints, or collect unrelated system data.
- Install Mechanism
- okNo install spec or code files are present (instruction-only), so nothing will be written to disk or downloaded at install-time.
- Credentials
- okThe skill does not request any environment variables, credentials, or config paths; requested privileges are proportional (none) to the stated informational purpose.
- Persistence & Privilege
- okalways is false and model invocation is not disabled (normal defaults). The skill does not request persistent system-wide changes or modify other skills' configs.