Skillv1.0.0

ClawScan security

Supreme · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 17, 2026, 8:56 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This is an instruction-only, informational skill about the Supreme brand; its requirements and runtime instructions are consistent with that purpose and it does not request credentials, install software, or perform file/ network actions.
Guidance: This skill is an informational guide and appears safe from a permissions/installation perspective. However, the publisher/source is unknown and there is no homepage or provenance metadata—if you rely on the factual accuracy (ownership, dates, valuations), verify key claims (e.g., acquisition details, revenues) against authoritative sources before using the content in decision-making or publishing. Because it contains only text and requires no credentials or installs, it cannot exfiltrate secrets or run code, but always vet content accuracy when source attribution is missing.

Purpose & Capability: okThe name/description (Supreme brand guide) matches the SKILL.md content: historical background, Drop模式, and collaboration analysis. There are no unexpected required binaries, env vars, or config paths.
Instruction Scope: okThe SKILL.md is purely informational and the read_when triggers are scoped to when brand information is needed. It does not instruct the agent to read local files, environment variables, or transmit data to external endpoints.
Install Mechanism: okNo install spec or code files are present (instruction-only), so nothing will be written to disk or downloaded during install.
Credentials: okNo environment variables, credentials, or config paths are requested; the skill does not ask for secrets or unrelated service tokens.
Persistence & Privilege: okalways is false and autonomous invocation is the platform default; the skill does not request elevated or persistent system-wide privileges.