Back to skill
Skillv1.0.0
ClawScan security
Doordash Company · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 27, 2026, 6:04 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only, informational skill about DoorDash (company history, business model, stats) with no installs, no credentials, and no behaviors that conflict with its description.
- Guidance
- This skill is an informational summary about DoorDash and appears internally consistent and low-risk. Note: the source/homepage is unknown and the owner is not a public organization—if you will rely on this for important decisions, cross-check the facts against authoritative sources (company filings, news, DoorDash's official site). Because it requests no credentials and has no install steps, it does not expose secrets or run code on your system.
Review Dimensions
- Purpose & Capability
- okThe name/description (DoorDash company) matches the SKILL.md content (timeline, business model, facts). There are no unrelated requirements (no env vars, no binaries).
- Instruction Scope
- okSKILL.md is purely descriptive text and 'read_when' metadata; it does not instruct the agent to read local files, call external endpoints, access credentials, or transmit data. Scope is limited to informational use.
- Install Mechanism
- okThere is no install specification and no code files to write or execute. Instruction-only skills present minimal installation risk.
- Credentials
- okThe skill declares no environment variables, credentials, or config paths. No sensitive access is requested or implied by the content.
- Persistence & Privilege
- okalways is false and model invocation is allowed (platform default). Given the skill is read-only informational text, there is no elevated persistence or privilege requested.