v1.0.0

Browser key (auto created by Firebase)

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:03 AM.

Analysis

This is an instruction-only greeting skill with no code, credentials, install steps, or data access, though its registry/name metadata is inconsistent.

GuidanceThis skill only tells the agent how to greet you based on the time of day. The main thing to notice is the inconsistent naming/metadata, which is worth clarifying with the publisher but does not by itself show malicious behavior.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities

SeverityInfoConfidenceHighStatusNote

metadata

Name: Browser key (auto created by Firebase) ... Registry metadata: Slug: wellcome ... _meta.json ... "slug": "greetr"

The visible name, registry slug, embedded metadata slug, and SKILL.md name do not align, which is a provenance/packaging inconsistency even though the actual skill instructions are harmless.

User impactThe skill appears to be a simple greeter, but its metadata may make it harder to confirm exactly what package or publisher record it belongs to.

RecommendationInstall only if you are comfortable with the publisher/package identity mismatch; the maintainer should align the name, slug, and metadata.