Back to skill
Skillv1.0.0
ClawScan security
Film Lighting Bible · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 28, 2026, 10:30 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only reference for cinematic lighting and prompt templates; its files, instructions, and requirements align with that purpose and request no unusual permissions or installs.
- Guidance
- This skill appears internally consistent and low-risk: it only supplies lighting rules, HEX codes, and prompt templates for AI image/video generation. Before enabling it: (1) spot-check the generated prompts and outputs for unwanted style or copyrighted references; (2) avoid feeding private or sensitive data into prompts you construct with the skill; and (3) if you restrict autonomous skill use, consider disabling model-invocation for this skill so an agent can't call it without your explicit action.
Review Dimensions
- Purpose & Capability
- okName, description, and included reference files all describe film/photography lighting guidance and prompt templates. There are no environment variables, binaries, or config paths required that would be unrelated to the stated purpose.
- Instruction Scope
- okSKILL.md and the two reference documents only provide guidance, terminology, color tables, and prompt examples for lighting. There are no runtime commands, file-system access instructions, or external endpoints referenced; the instructions stay within the stated scope.
- Install Mechanism
- okNo install specification and no code files — this is instruction-only. Nothing is downloaded or written to disk by an installer, so install risk is minimal.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. The content does not attempt to read or require secrets, so requested privileges are proportionate to the stated functionality.
- Persistence & Privilege
- noteThe skill is not marked always:true and is user-invocable; model invocation is permitted (the default). That autonomous-invocation capability is standard for skills and is not, by itself, a red flag — but users who restrict autonomous actions should be aware the skill could be used by an agent unless model-invocation is disabled or eligibility rules are applied.