Skillv1.0.0

ClawScan security

Character Consistency Workflow · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 28, 2026, 10:30 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This is an instruction-only prompt-engineering workflow for keeping character appearance consistent across AI-generated shots; its requirements and instructions are coherent with that purpose and it does not request credentials or install code.
Guidance: This skill is an instruction-only workflow for prompt engineering and asset organization; it does not install code or ask for credentials. Before using it, consider: (1) the workflow assumes you will reference local reference images — ensure those files are ones you own or have permission to use and do not contain sensitive personal data you don't want processed; (2) using models (Seedance, Nano Banana, etc.) may require separate API keys or services you must configure yourself — never paste secrets into prompts; (3) if you run the agent with filesystem access, be mindful that prompts referencing local paths imply the agent or the model client can read those assets; restrict agent permissions if you do not want it to access unrelated files; (4) the guidance is focused on prompting and asset management, not on legal/ethical rules for using likenesses — confirm consent and licensing for any real-person imagery.

Purpose & Capability: okThe name/description (character consistency for multi-shot AI generation) matches the content: prompt templates, token system, asset preparation and folder layout. There are no unrelated env vars, binaries, or installs requested.
Instruction Scope: noteThe SKILL.md instructs the agent to embed local reference image paths (e.g., ./characters/...) and to reuse token blocks in prompts — this is appropriate for the stated goal. Note: it implies use of local project assets; the skill does not declare system config paths or credentials, nor does it include commands that read arbitrary system files, but an agent executing these prompts would need access to the referenced project files.
Install Mechanism: okNo install spec and no code files are present; the skill is instruction-only so nothing will be written to disk or downloaded by the skill itself.
Credentials: okNo environment variables, credentials, or external tokens are required by the skill. Model/service names are referenced (Seedance, Nano Banana, LibLib, 即梦) but providing API keys or platform credentials would be a separate, user-managed step — nothing disproportionate is requested here.
Persistence & Privilege: okalways is false and the skill is user-invocable; autonomous invocation is allowed by platform default but the skill does not request elevated or persistent privileges nor does it modify other skills or system-wide settings.