Skillv1.0.0

ClawScan security

Tim Cook · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 17, 2026, 9:59 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This is a simple, instruction-only biography about Tim Cook with no installs, credentials, or system access requested — it behaves as advertised.
Guidance: This skill is a static biography and appears safe to install: it asks for no credentials, does not install software, and its instructions are limited to serving Tim Cook information. Consider that the content is static and may become outdated or contain minor inaccuracies—verify factual claims if accuracy is important. Also note the skill is user-invocable and can be called by the agent (normal behavior); there are no hidden data-exfiltration signals.

Purpose & Capability: okName, description, and runtime instructions are a short biography; no extra permissions, binaries, or credentials are requested and none are needed for this purpose.
Instruction Scope: okSKILL.md contains static biographical content and a small 'read_when' trigger list. It does not instruct the agent to read files, access environment variables, call external endpoints, or collect unrelated data.
Install Mechanism: okNo install spec and no code files — nothing is downloaded or written to disk.
Credentials: okNo environment variables, credentials, or config paths are required; requested scope is minimal and appropriate for a read-only biography.
Persistence & Privilege: okalways is false and autonomous invocation is allowed (the platform default). The skill does not request persistent or elevated privileges.