Back to skill
Skillv1.0.0
ClawScan security
Uber Company · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 29, 2026, 12:05 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only, read-only informational skill about Uber; it requests no credentials, installs, or unusual privileges and its behavior matches its description.
- Guidance
- This skill is essentially a static article about Uber and appears safe to install from a security perspective: it asks for nothing and does not install code. Before relying on it, consider that (1) the SKILL.md may be truncated in the provided manifest — verify the full content if you need complete data, (2) factual claims and metrics (revenues, dates, partnerships) can become outdated or imprecise — cross-check with authoritative sources if you need accuracy, and (3) although the skill can be invoked autonomously by agents by default, its read-only nature limits risk. If you need source citations or up-to-date figures, ask the publisher for provenance or prefer skills that link to primary sources.
Review Dimensions
- Purpose & Capability
- okThe skill's name and description (a company profile of Uber) align with its contents: a long-form company overview and metrics. It does not request unrelated binaries, credentials, or config paths.
- Instruction Scope
- okSKILL.md contains only explanatory content and a 'read_when' list indicating contexts where the agent should consult the file. It does not instruct the agent to access system files, environment variables, external endpoints, or perform actions outside of reading/using this content.
- Install Mechanism
- okNo install spec and no code files are present. Because this is instruction-only, nothing is written to disk or downloaded during install.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths, which is proportionate for a read-only informational skill.
- Persistence & Privilege
- okalways is false and the skill is user-invocable; autonomous invocation is permitted by default but this skill's scope (static content) does not imply elevated privilege or persistent system modification.