Skillv1.1.0

ClawScan security

theranos · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 29, 2026, 12:06 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This is a read-only informational skill about the Theranos fraud case; it contains no code, does not request credentials or install anything, and its behavior matches its description.
Guidance: This skill is low-risk: it's an informational article about the Theranos scandal and doesn't ask for secrets or install software. Two practical reminders before installing: (1) provenance is unknown and there's no homepage — verify facts against primary sources (WSJ reporting, SEC filings, court records) if you need authoritative citations, and (2) treat the content as historical analysis rather than legal or medical advice. Other than that, the skill's footprint is minimal and coherent with its stated purpose.

Purpose & Capability: okThe name and description promise an analysis of the Theranos case. The skill is instruction-only (a static SKILL.md) and requires no binaries, env vars, or config paths — all of which are appropriate for a purely informational summary.
Instruction Scope: okSKILL.md contains historical narrative, timelines, and analysis contexts (read_when). It does not instruct the agent to read local files, access environment variables, call external endpoints, execute commands, or transmit data. The instructions stay within the stated informational purpose.
Install Mechanism: okNo install spec and no code files are present. Because nothing will be written to disk or downloaded, install risk is minimal.
Credentials: okThe skill declares no required environment variables, credentials, or config paths. There are no disproportionate or unexplained secret requests.
Persistence & Privilege: okalways is false and the skill does not request any privileged or persistent presence. The default allowance for autonomous invocation is present but not concerning given the skill's read-only nature.