Skillv1.0.0

ClawScan security

Brand Guidelines Anthropic · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 14, 2026, 2:31 PM

Verdict: Benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's requirements and runtime instructions align with its stated purpose (applying Anthropic brand colors and typography); it is an instruction-only skill with no installs, credentials, or surprising actions, but provenance is unknown so exercise normal caution.
Guidance: This skill is internally coherent and low-risk: it only provides brand color and typography guidance and includes no installers, credentials, or hidden endpoints. Before installing, consider: (1) provenance — the source/homepage is unknown, so verify the publisher if you need stronger trust; (2) trademark/licensing — using Anthropic branding in products may require permission from Anthropic despite the Apache license included; (3) runtime access — the agent will need access to any files you want restyled (so limit file permissions to only the artifacts you want processed); and (4) fonts/tools — the skill assumes system-installed Poppins/Lora or use of python-pptx for programmatic changes, so ensure those are present if you expect automated application. If you require higher assurance, ask the publisher for a verified source or more provenance information before enabling the skill.

Review Dimensions

Purpose & Capability: okName/description match the SKILL.md content (brand colors, typography, application guidance). The skill does not request unrelated credentials, binaries, or config paths — everything requested (none) is proportional to the stated purpose. Note: the package source/homepage is unknown which reduces provenance confidence but does not create an incoherence between purpose and capabilities.
Instruction Scope: okSKILL.md contains only styling guidelines and implementation notes (mentions python-pptx's RGBColor class and system fonts). It does not instruct the agent to read arbitrary system files, exfiltrate data, call unknown endpoints, or perform actions outside applying branding. It does imply access to the artifacts you want styled (expected for this kind of skill).
Install Mechanism: okInstruction-only (no install spec, no code files). This is low-risk: nothing will be written or downloaded by an installer included with the skill.
Credentials: okThe skill declares no required environment variables, no credentials, and no config paths — which is appropriate for a design/style guidance skill. The SKILL.md does reference system fonts (Poppins, Lora) and python-pptx usage, which are reasonable implementation notes and not secrets.
Persistence & Privilege: okalways:false and default model invocation settings are used. The skill does not request elevated or persistent system privileges and does not modify other skills or global agent settings.