Back to skill
Skillv1.0.1
ClawScan security
Xerox · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 23, 2026, 9:28 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- Instruction-only skill that provides a Chinese-language company overview of Xerox; it requests no credentials, installs nothing, and its content and requirements match its stated purpose.
- Guidance
- This skill is a passive informational doc about Xerox and appears internally consistent. It does not request credentials or install software, but verify any factual claims (dates, revenue, market share) against up-to-date primary sources before using them for investment or operational decisions. If you require provenance or references, ask the publisher for source citations or prefer skills that cite authoritative data sources.
Review Dimensions
- Purpose & Capability
- okName/description (Xerox company/history/analysis) match the SKILL.md content. The skill does not request unrelated credentials, binaries, or system access that would be unnecessary for an informational/company-analysis skill.
- Instruction Scope
- okSKILL.md contains only topical content (history, business analysis, metrics) and a small 'read_when' list describing when to use it. It does not instruct reading files, accessing environment variables, calling external endpoints, or performing actions beyond returning/using the provided text.
- Install Mechanism
- okNo install specification and no code files — the skill is instruction-only, so nothing is written to disk or installed during enablement.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. There is no disproportionate request for sensitive data.
- Persistence & Privilege
- okalways is false (not force-included). disable-model-invocation is false (default autonomous invocation allowed), which is normal for user-invocable informational skills and not concerning by itself.