Back to skill
Skillv1.0.0
ClawScan security
Cb Overseas Talent Playbook · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 25, 2026, 6:23 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is a purely descriptive playbook with no code, no installs, and no requested credentials; its declared requirements and runtime instructions are internally consistent with the stated purpose.
- Guidance
- This skill appears to be a content-only playbook and does not require credentials or network access. Before installing or invoking: avoid pasting sensitive credentials or private PII into prompts; treat any legal, tax, immigration, or employment recommendations as high-level guidance and consult local professionals before acting; verify the skill output against current local regulations and company policies. If you need the agent to take actions (post, hire, or pay) integrate only vetted automation tools with minimal, purpose-scoped credentials.
Review Dimensions
- Purpose & Capability
- okName, description, and metadata all describe a descriptive playbook for overseas hiring; the package declares no binaries, no env vars, no config paths, and the ACCEPTANCE.md explicitly requires it be purely descriptive. Requested capabilities match the stated purpose.
- Instruction Scope
- okSKILL.md instructs the agent to collect user context and produce structured frameworks, checklists, and next steps. It explicitly states it will not execute code, call APIs, access the network, or exfiltrate data. No instructions reference reading unrelated files, system paths, or credentials.
- Install Mechanism
- okNo install specification is present (instruction-only skill). No downloads, packages, or extract steps exist — lowest-risk pattern for skills.
- Credentials
- okThe skill declares no required environment variables, no primary credential, and no config paths. There are no credentials requested that would be disproportionate to a descriptive playbook.
- Persistence & Privilege
- okalways is false (not forced into every agent run); model invocation is allowed (normal behavior). The skill does not request persistent presence or modify other skills or system settings.