Back to skill
Skillv1.0.0
ClawScan security
Yum! Brands · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 29, 2026, 4:10 PM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- This skill is an instruction-only content card about Yum! Brands and requests no binaries, credentials, or installs — its declared purpose matches its runtime content, though the publisher/source is unknown so verify provenance before trusting it.
- Guidance
- This skill is internally coherent and low-risk: it only provides a static briefing on Yum! Brands and asks for no credentials or installs. However, the publisher/source is unknown and there are no citations in the content — verify any business facts with authoritative sources before acting on them. If you prefer higher assurance, pick skills with a known homepage/owner or with referenced sources. Also note that, like all skills, it may be invoked by the agent when relevant (default behavior); if you want to prevent automatic use, disable model invocation for this skill in your agent settings.
Review Dimensions
- Purpose & Capability
- okThe name/description advertise a factual summary of Yum! Brands; the SKILL.md contains history, business model, and metrics consistent with that purpose. There are no unrelated requirements (no env vars, no binaries).
- Instruction Scope
- okThe instructions are purely informational and include 'read_when' triggers for relevant user queries. They do not instruct the agent to read files, access environment variables, call external endpoints, or transmit data beyond normal agent responses. (Note: the content is a static summary and may be outdated or lack citations.)
- Install Mechanism
- okNo install spec and no code files — lowest-risk instruction-only skill; nothing is written to disk or fetched at install time.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. There is no disproportionate access requested.
- Persistence & Privilege
- okalways:false and user-invocable:true. The skill can be invoked autonomously (platform default), which is normal for skills; it does not request persistent privileges or modify other skills/settings.