Back to skill
Skillv1.0.0
ClawScan security
AI Combat Shot Prompts · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 28, 2026, 10:30 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is internally coherent: it is an instruction-only prompt authoring guide for cinematic combat scenes and it neither requests credentials nor installs code or reaches out to external endpoints.
- Guidance
- This skill is an instruction-only prompt-authoring guide for cinematic fight/duel scenes and does not require credentials or install code, so its security footprint is small. Things to consider before installing: 1) The guidance produces vivid/graphic combat imagery (blood, gore, injuries). Ensure generated outputs comply with your platform's content policies and age restrictions. 2) Because it’s an instruction-only skill, review and test outputs in a sandbox to confirm they meet moderation and safety rules for wherever you will use them. 3) If you are concerned about autonomous invocation, keep the skill user-invocable only (default) rather than enabling automatic runs. 4) No technical red flags were found, but always review any prompt outputs for privacy-sensitive content before publishing to third-party platforms.
Review Dimensions
- Purpose & Capability
- okName/description match the contents: SKILL.md and reference files are detailed guidance for converting terse fight descriptions into cinematography-aware prompts. There are no unrelated credentials, binaries, or install steps requested that would be disproportionate to a prompt-writing skill.
- Instruction Scope
- okRuntime instructions are purely about how to compose prompts (physical/action parameters, lighting, camera, platform wording). They do not instruct reading system files, accessing environment variables, contacting external endpoints, or exfiltrating data. The instructions are detailed but stay within the stated purpose.
- Install Mechanism
- okNo install spec and no code files — this is instruction-only. That is the lowest-risk install model and matches the skill's stated function.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. Nothing in the instructions accesses secrets or external service tokens.
- Persistence & Privilege
- okFlags are default (always: false, user-invocable true). The skill does not request elevated or persistent platform privileges, nor does it modify other skills or system settings.