Back to skill
Skillv1.0.0
ClawScan security
Snickers · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 17, 2026, 7:47 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only informational skill about the Snickers brand; it requests no credentials, installs nothing, and its runtime instructions are limited to presenting brand/history/marketing content.
- Guidance
- This skill is low-risk: it only provides informational content about Snickers and doesn't request credentials or install software. However, the skill's source is unknown and the SKILL.md makes factual claims (sales numbers, dates, marketing outcomes) without citations; if you need authoritative data for business or research use, verify key facts against primary sources (Mars Wrigley press releases, industry reports). Also be cautious if a future version adds install steps, network access, or environment variables—those would warrant a fresh review.
Review Dimensions
- Purpose & Capability
- okName/description (Snickers brand info, history, marketing) match the SKILL.md content. There are no unrelated requirements (no env vars, binaries, or config paths).
- Instruction Scope
- okSKILL.md contains only factual and marketing-history content and a small 'read_when' trigger list. It does not instruct the agent to read files, access credentials, call external endpoints, or exfiltrate data.
- Install Mechanism
- okNo install spec and no code files are present (instruction-only). Nothing will be written to disk or downloaded during install.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths—proportional to its stated purpose of providing brand information.
- Persistence & Privilege
- okalways is false and the skill is user-invocable. It does not request elevated or persistent privileges and does not modify other skills or system configuration.