Back to skill
Skillv1.0.0
ClawScan security
acestep-songwriting · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 13, 2026, 3:25 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- An instruction-only songwriting guide that only provides structured guidance for captions, lyrics, and music parameters and does not request credentials, binaries, or perform installs — it is internally consistent with its stated purpose.
- Guidance
- This skill is an instruction-only songwriting guide and appears coherent and low-risk: it doesn't install code or ask for credentials. Before installing, note the source/homepage is unknown (no publisher website listed) — if that matters to you, prefer skills with identifiable authors. Also review generated lyrics for copyright or sensitive personal data before sharing or publishing.
Review Dimensions
- Purpose & Capability
- okThe name and description (songwriting guide for ACE-Step) match the SKILL.md content: guidance on captions, lyrics, and parameters. The skill requests no binaries, environment variables, or config paths, which is proportionate for an instruction-only songwriting helper.
- Instruction Scope
- okSKILL.md contains detailed, bounded instructions for building captions, lyrics, and music parameters. It does not instruct the agent to read files, access environment variables, contact external endpoints, or collect unrelated system data. allowed-tools: Read is consistent with an instruction-only document.
- Install Mechanism
- okNo install spec and no code files — the skill is instruction-only, so nothing is downloaded or written to disk. This is the lowest-risk install posture and matches the skill's purpose.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. That is appropriate for a prompt/guide focused on songwriting and introduces no credential access concerns.
- Persistence & Privilege
- okalways is false and default agent invocation settings apply. The skill does not request persistent/system-wide changes or elevated privileges, which is proportionate to its function.