Back to skill
Skillv1.0.0
ClawScan security
Branding · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 6, 2026, 11:07 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only branding guideline helper and its requirements, instructions, and files are consistent with that purpose — it requests no credentials, installs no code, and does not instruct accessing system data or remote endpoints.
- Guidance
- This skill appears to be a safe, self-contained set of branding guidelines and templates. Before using: (1) be mindful that any actual assets you generate (logos, fonts) may have licensing or trademark implications—verify font licenses and trademark status before publishing; (2) the skill may produce code snippets (Tailwind config) which you should review before copying into your codebase; (3) if you ask the skill to integrate with external services or to fetch/upload files, double-check where data is sent — the current SKILL.md does not instruct external network calls, but future prompts could request them. Overall, the package is coherent for its stated purpose.
Review Dimensions
- Purpose & Capability
- okThe name and description match the SKILL.md content: a brand identity / style-guide authoring assistant. There are no unrelated required binaries, environment variables, or config paths that would be disproportionate to creating brand guidelines.
- Instruction Scope
- okThe SKILL.md instructs the agent to guide users through brand personality, color palettes (OKLCH), typography, design tokens and tone of voice. It contains code snippets (Tailwind config) and a reference doc but does not direct the agent to read local system files, access credentials, or send data to external endpoints.
- Install Mechanism
- okNo install spec or code files are present — this is instruction-only. Nothing will be downloaded or written to disk by an installer, which minimizes supply-chain risk.
- Credentials
- okThe skill declares no required environment variables or credentials. The instructions do not reference hidden env vars or unrelated credentials. Requested access is proportional (none) to the stated purpose.
- Persistence & Privilege
- okThe skill is not marked always:true and uses default invocation rules. It does not request persistent privileges or modify other skills or system-wide settings.