Skill v1.0.2

ClawScan security

Tiny Builder · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 8, 2026, 9:04 PM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's files and runtime instructions are consistent with a kid-focused HTML project builder; there is no clear mismatch between what it claims to do and what it asks the agent to do. It does, however, post user-created HTML to an external service and write session logs and edit tokens to disk, which raises privacy and operational considerations.
Guidance
This skill appears to do what it says (create kid-friendly single-file HTML projects) and uses gui.new to publish playable links. Before installing:
1) Verify that you trust the external service gui.new (review its privacy policy and data retention), because the skill uploads the full HTML content and receives an edit_token in return.
2) Decide how edit_tokens and session logs should be stored. SKILL.md instructs the agent to save tokens and parent logs under ~/tiny-builder; consider keeping tokens in a secure store or in memory only, and limit who can read parent-log.md.
3) Be aware that parent-log.md and the project files will contain session transcripts and project content (possibly PII); review retention and access controls.
4) If you prefer no external uploads, modify the skill to skip gui.new by default or to require explicit parent approval before publishing.
5) Inspect the included templates/examples yourself; they are static HTML and look benign. For higher assurance, run the agent in a sandboxed environment and confirm that it cannot reach other system files or any network endpoint beyond gui.new.

Review Dimensions

Purpose & Capability
ok · Name/description, templates, examples, and SKILL.md all describe building single-file HTML projects and publishing them. The included templates/examples and the instruction to save projects locally align with the stated goal; requiring gui.new publishing is coherent with the 'instant playable links' feature.
Instruction Scope
note · SKILL.md gives explicit runtime steps: generate a single-file HTML document, POST it to https://gui.new/api/canvas to create a playable link, save the returned id/edit_token for session updates, and back up files to ~/tiny-builder/projects and parent-log.md. These instructions are within scope for the stated purpose, but they direct the agent to transmit full user-created HTML (and, implicitly, conversation context) to an external endpoint and to persist session logs locally, which are privacy-sensitive actions and worth reviewing.
Install Mechanism
ok · Instruction-only skill with no install spec and no code execution beyond generating/writing static HTML and using built-in browser APIs in the examples. Low footprint; nothing is downloaded or executed on install.
Credentials
note · The skill declares no required environment variables or credentials, which is proportionate to its scope. However, the runtime workflow expects the gui.new service to return an edit_token that the agent is instructed to save and reuse for updates; that introduces a bearer token the agent may persist locally even though no credentials were declared. Storing such tokens in project files or in parent-log.md is a secret-handling concern: anyone who can read those files can edit the published project.
Persistence & Privilege
note · always:false and no elevated platform privileges. The skill expects to write project files (~/tiny-builder/projects/) and a parent log (~/tiny-builder/parent-log.md), which is coherent for a parent-dashboard feature but means session transcripts and created content will be stored on disk and may include sensitive user input. Autonomous invocation is allowed by default (normal), so consider who can start sessions.
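As an added example, not code from the Tiny Builder skill, from ClawHub, or from gui.new, the following Python shows one way an agent host could act on the Guidance, Credentials and Persistence points above: save the HTML under projects/, publish it, keep the returned edit_token out of parent-log.md (in memory plus a separate owner-only file), redact any token that an agent echoed into the session transcript before it is logged, and make the parent log itself owner-only. It assumes a reply shape for POST https://gui.new/api/canvas (an "id" and an "edit_token" field) that this page does not document, stubs that network call so it runs offline, and invents the edit-tokens.json file name; the ~/tiny-builder/projects and parent-log.md layout is the one the scan describes.

```python
"""Added example, not code from the Tiny Builder skill, ClawHub, or gui.new.

Keeps gui.new edit_tokens out of ~/tiny-builder/parent-log.md, stores them
(if they must persist) in a separate owner-only file, and redacts any token
that shows up in a session transcript before it is logged.

Assumptions (not documented on this page): the reply from
POST https://gui.new/api/canvas carries "id" and "edit_token" fields; the
network call is stubbed so the example runs offline.
"""
import json
import os
import stat
import tempfile
from datetime import datetime, timezone
from pathlib import Path
from typing import Callable, Dict, Optional

GUI_NEW_CANVAS_URL = "https://gui.new/api/canvas"  # endpoint named in SKILL.md per the scan
DEMO_TOKEN = "demo-edit-token-" + "a1b2c3" * 4     # constructed, stands in for a real token


def fake_publish(html: str) -> Dict[str, str]:
    """Stand-in for POSTing html to GUI_NEW_CANVAS_URL; never touches the network."""
    if "<html" not in html.lower():
        raise ValueError("refusing to publish something that is not an HTML document")
    return {"id": "canvas-demo-1", "edit_token": DEMO_TOKEN}


def safe_name(title: str) -> str:
    """Turn a child-supplied title into a filename that cannot escape projects/."""
    cleaned = "".join(c if c.isalnum() or c in "-_" else "_" for c in title.strip())
    return cleaned[:64] or "untitled"


class TokenVault:
    """Holds edit_tokens in memory and in one 0600 file, separate from the parent log."""

    def __init__(self, path: Path):
        self.path = path
        self._tokens: Dict[str, str] = {}

    def remember(self, project_id: str, token: str) -> None:
        self._tokens[project_id] = token
        self.path.parent.mkdir(parents=True, exist_ok=True)
        # Create the file owner-only before any token is written to it.
        fd = os.open(self.path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w") as fh:
            json.dump(self._tokens, fh)
        os.chmod(self.path, 0o600)  # also tightens a pre-existing, looser file

    def redact(self, text: str) -> str:
        """Replace every known token value, so a transcript that echoed it is safe to log."""
        for token in self._tokens.values():
            text = text.replace(token, "[REDACTED edit_token]")
        return text


def publish_and_log(base_dir: Path, title: str, html: str, transcript: str,
                    publish: Callable[[str], Dict[str, str]] = fake_publish) -> dict:
    """The SKILL.md workflow as the scan describes it (save HTML, publish, log),
    but with the token routed to the vault instead of parent-log.md."""
    projects = base_dir / "projects"
    projects.mkdir(parents=True, exist_ok=True)
    html_path = projects / f"{safe_name(title)}.html"
    html_path.write_text(html, encoding="utf-8")

    reply = publish(html)  # the real skill would POST to GUI_NEW_CANVAS_URL here
    vault = TokenVault(base_dir / "edit-tokens.json")  # file name is this example's choice
    vault.remember(reply["id"], reply["edit_token"])

    log_path = base_dir / "parent-log.md"
    entry = (f"## {title} ({datetime.now(timezone.utc).isoformat()})\n"
             f"- canvas id: {reply['id']}\n"
             f"- transcript:\n{vault.redact(transcript)}\n\n")
    with log_path.open("a", encoding="utf-8") as fh:
        fh.write(entry)
    os.chmod(log_path, 0o600)  # the log holds session transcripts, so owner-only too
    return {"id": reply["id"], "html_path": html_path,
            "log_path": log_path, "token_path": vault.path}


def file_mode(path: Path) -> int:
    return stat.S_IMODE(path.stat().st_mode)


def run_demo(base_dir: Optional[Path] = None) -> dict:
    """Run the workflow on constructed input in a scratch directory and report what was written."""
    base_dir = base_dir or Path(tempfile.mkdtemp(prefix="tiny-builder-"))
    html = "<!doctype html><html><body><h1>Bouncing Ball</h1></body></html>"
    # Constructed transcript in which the agent echoed the token back to the child.
    transcript = f"child: make the ball red\nagent: done, edit_token={DEMO_TOKEN}\n"
    result = publish_and_log(base_dir, "bouncing ball", html, transcript)
    result["log_text"] = result["log_path"].read_text(encoding="utf-8")
    result["token_mode"] = file_mode(result["token_path"])
    result["log_mode"] = file_mode(result["log_path"])
    return result


if __name__ == "__main__":
    out = run_demo()
    print(f"published {out['id']}; log mode {out['log_mode']:o}, token file mode {out['token_mode']:o}")
```

The redaction is exact-match on tokens the vault has seen rather than a pattern, because the token format is not documented on this page; that also means a token the agent never received through the vault would not be caught, so routing every publish reply through `TokenVault.remember` before logging is what makes the scheme hold. File modes are POSIX semantics; on Windows the chmod calls are effectively no-ops and an ACL would be needed instead.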