Back to skill
Skillv0.1.0
ClawScan security
daily-dxc-briefing · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 10, 2026, 4:21 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- Instruction-only skill that scrapes the listed websites and search results to produce a daily business briefing; its requested footprint (no installs, no env vars, no extra privileges) matches the described purpose.
- Guidance
- This skill is internally consistent and does what it says: it scrapes the listed company and client sites and runs time-limited searches to produce a short briefing. Before installing, confirm the agent environment has a web-reading/search tool and that scraping these sites is permitted by your corporate policy and by the sites' terms/robots.txt. If you want to avoid the skill running without explicit user request, consider disabling autonomous invocation in platform settings. Also review references/source.md to ensure the listed client sources are correct and not sensitive/private endpoints.
Review Dimensions
- Purpose & Capability
- okThe name/description (daily company briefing aggregating jxcpp.com, dxc.com, and core client sites) match the SKILL.md workflow. No unrelated credentials, binaries, or install steps are requested. Required sources are explicitly listed (and references/source.md is provided).
- Instruction Scope
- noteInstructions are tightly scoped to web scraping of specified sites, time-filtered searches, de-duplication, and summary formatting. This relies on the agent having a web-reader/search tool. Consider adding explicit guidance about respecting robots.txt, rate limits, and paywalled content—the SKILL.md already mentions handling paywalled content via public summaries.
- Install Mechanism
- okNo install spec and no code files — lowest-risk deployment model (instruction-only). There is nothing downloaded or written to disk by the skill itself.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. The actions described (web fetches and search queries) do not require sensitive local credentials, so requested access is proportionate.
- Persistence & Privilege
- noteThe skill does not set always:true and does not request special privileges. Model invocation is not disabled (default behavior), so the agent could invoke it autonomously if platform policies allow — this is normal but worth noting if you want to prevent automated runs.