ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

GPU shader toolkit

v1.0.0

Expert GPU shader development toolkit covering HLSL, GLSL, MSL, WGSL, ReShade FX, Unity ShaderLab, and WebGL. Features cross-language conversion, GPU perform...

0· 40·0 current·0 all-time
by@darkd
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name and description promise shader development, conversion, optimization, and compiled‑shader analysis; the SKILL.md consistently instructs building and using nvcachetools, nvdisasm/envytools, and DirectX decompilers — all directly related to that purpose. Requested actions (clone repos, compile tools, disassemble shader binaries, read shader caches and PAKs) match the declared functionality.
Instruction Scope
The runtime instructions explicitly direct reading local driver shader cache directories (~/.nv/GLCache, %LOCALAPPDATA%\NVIDIA\GLCache) and game archives/PAKs to extract compiled shaders, and to run/compile third‑party tools. Those operations are within scope for compiled‑shader analysis but do grant the skill access to local files (game assets, driver caches). The SKILL.md does not instruct exfiltration to external endpoints, but it does rely on local filesystem access and running user‑installed/proprietary tools.
Install Mechanism
There is no install spec; SKILL.md recommends cloning GitHub repos and building tools with gcc, and using official NVIDIA or open source projects. These are standard developer steps and use well known hosts (GitHub, NVIDIA). No obscure download URLs, shorteners, or archive extraction from unknown servers are present.
Credentials
The skill declares no required environment variables or credentials. The instructions suggest optionally setting __GL_SHADER_DISK_CACHE_PATH and relying on locally available driver caches and installed tooling (gcc, CUDA/nvdisasm). No secrets, tokens, or unrelated service credentials are requested.
Persistence & Privilege
The skill is not forced always-on and defaults permit user invocation or autonomous use (platform default). It does not request persistent system configuration or modifications to other skills. Because it can be invoked by the agent, be mindful that its instructions include filesystem and build steps — but that is consistent with its purpose.
Assessment
This skill appears internally consistent for shader development and compiled‑shader analysis, but note these practical considerations before use: - It instructs reading local driver shader caches and game archives (PAK files) to extract compiled shaders — ensure you have legal permission to inspect those files and understand potential IP/legal issues. - You (or the agent) will need developer tooling (git, gcc) and possibly the NVIDIA CUDA tools/nvdisasm; building code from GitHub runs arbitrary build scripts — review the referenced repos before running builds. - The skill does not request secrets, but it does need filesystem access; if you run this in an automated agent, consider running it in a sandbox/VM or only invoking it interactively. - If you care about provenance, verify the linked GitHub projects and consider obtaining nvdisasm/CUDA from official NVIDIA sources rather than third‑party mirrors.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cbd80s77z3ttprpwg6n0zqh84pxzd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments