Back to skill
Skillv1.0.0
ClawScan security
Shake Shack · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 28, 2026, 11:05 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This skill is an instruction-only, read-only summary about Shake Shack and requests no credentials, installs, or special privileges — its declared purpose matches its behavior.
- Guidance
- This skill is a static informational profile about Shake Shack and appears coherent and low-risk. The only minor trust consideration is that the source/homepage are unknown — the content may be out of date or unverified. If you require authoritative, up-to-date data (financials, legal status), prefer skills or feeds that cite primary sources (NYSE filings, company site). If you are concerned about autonomous invocation, you can disable model invocation for this skill in your agent settings, but there are no technical red flags requiring that step.
Review Dimensions
- Purpose & Capability
- okName and description describe a company profile; the skill contains only informational content and requests no binaries, env vars, or installs — this is proportionate to a reference/knowledge skill.
- Instruction Scope
- okSKILL.md provides background, timeline, business-model analysis and 'read_when' triggers for topical context; it does not instruct the agent to read unrelated files, access credentials, or transmit data to external endpoints.
- Install Mechanism
- okNo install spec and no code files are present, so nothing will be written to disk or executed during install.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths — there is no disproportionate access requested.
- Persistence & Privilege
- okalways is false and model invocation is allowed (the platform default). The skill does not request persistent or elevated system privileges and does not modify other skills or system settings.