Core Refinery
Security checks across static analysis, malware telemetry, and agentic risk
Overview
Core Refinery is an instruction-only synthesis skill whose main caution is that user-provided source material may be processed by the configured model and reflected in reusable summaries.
This skill appears safe for its stated purpose. Before installing or using it, consider whether the sources you provide are allowed to be processed by your configured model provider, and review any synthesized or shareable outputs before treating them as canonical or sharing them publicly.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
64/64 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private or proprietary source material provided for synthesis could be sent to the user's configured cloud model provider.
The skill may process the user's supplied sources through the model provider configured for the agent. This is disclosed and purpose-aligned, but it matters for confidential inputs.
If your agent uses a cloud-hosted LLM (Claude, GPT, etc.), data is processed by that service as part of normal agent operation.
Use only sources that are allowed under your model/provider policy, or use a local/private model or redact sensitive material before synthesis.
A synthesized summary could preserve mistakes, biases, or confidential details from the input sources if reused without review.
The skill encourages reuse of synthesized conclusions as canonical material. This reuse is central to the skill, and the skill includes caveats, but users should review outputs before relying on them.
"Use Golden Master candidates as your canonical source"
Treat Golden Master outputs as candidates, review them against the original sources, and avoid sharing or reusing them where confidential source-derived content would be inappropriate.
