Visual Prompt Engine
PassAudited by ClawScan on May 1, 2026.
Overview
This skill appears benign: it generates image prompts using local reference data and optional Dribbble collection, with disclosed local history and optional automation to notice.
This skill looks appropriate for generating image prompts. Before installing, be aware that its helper scripts can fetch public Dribbble data and write local JSON files, and that prompt history may persist locally. Verify the package source before running scripts or optional dependencies, and only enable the daily cron refresh if you want ongoing background updates.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you run the included scripts, you are trusting code from a package with limited registry provenance.
The registry context provides limited provenance while the skill includes runnable helper scripts. This is a provenance note, not evidence of malicious behavior.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill. Code file presence: 2 code file(s)
Review the scripts and source location before running them, and install only from a trusted ClawHub or repository source.
Your agent may make web requests or browser visits to Dribbble from your environment.
The skill may direct the agent to use browser or scraping tools to collect public design references. This is central to the skill's purpose, but it involves third-party web access and should remain user-directed.
Browse `https://dribbble.com/shots/popular` with a browser tool (Camofox, Playwright, etc.)... Alternative: RSS/HTML (may be blocked by WAF)
Use this collection workflow only when you want it, keep request counts modest, and respect the target site's terms and access limits.
Image prompt text, and potentially parts of user creative requests, may remain in a local history file and influence later outputs.
The skill keeps a local prompt history and reuses it across future prompt-generation tasks. This is disclosed and purpose-aligned for deduplication, but it is persistent context.
Check against recent prompts in `data/prompt_history.json` to prevent repetition; Append the new prompt to history
Avoid using highly sensitive prompt content with this skill, or periodically clear `data/prompt_history.json` if you do not want prior prompts reused.
If you set up the cron job, the skill may periodically fetch references and update local data without a new prompt request.
The documentation describes optional recurring refresh automation. It is not installed automatically in the artifacts, but enabling it would create ongoing background activity.
Automation (Optional) Set up a daily cron to refresh visual references
Only enable the cron job if you want recurring refreshes, and document where it runs and which files it updates.