Skill v2.0.0

ClawScan security

Research Report Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 16, 2026, 10:11 AM
Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's instructions, requirements, and scope align with its stated purpose as a research-report writing assistant; it is an instruction-only skill with no installs or credential requests.
Guidance
This skill is instruction-only and internally consistent with being a research-report assistant. Before installing: (1) confirm your agent has appropriate web access if you want live source lookups; (2) do not provide paid-subscription credentials or sensitive company documents unless you intend the agent to access them — the skill does not require such secrets but could ask for them to fetch paywalled reports; (3) verify facts and citations the model produces (LLMs can hallucinate statistics or sources); and (4) if you want the agent to analyze private documents, supply them explicitly and consider privacy/NDAs. Overall the skill appears coherent, but exercise standard caution around data accuracy and sharing of credentials or proprietary information.

Review Dimensions

Purpose & Capability
ok: The name/description (industry research reports, market analysis) match the SKILL.md content. No unrelated binaries, env vars, or config paths are requested and the recommended sources and frameworks are proportionate to the stated goal.
Instruction Scope
note: The instructions tell the agent to 'search for recent industry reports and market data' and to prioritize public/reputable sources. This is consistent with the purpose, but implicitly requires the agent to use external web access or user-provided documents. The skill does not instruct reading unrelated local files or requesting unrelated credentials.
Install Mechanism
ok: No install specification or code files are present (instruction-only). Nothing will be written to disk during an install step.
Credentials
ok: No environment variables, credentials, or config paths are required. The skill does not request access to unrelated services or secrets.
Persistence & Privilege
ok: 'always' is false and the skill does not request persistent system presence or modify other skills or system settings. Autonomous invocation is allowed by platform default but is not combined with elevated privileges here.