Skill v2.0.0

ClawScan security

Musecard · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Apr 16, 2026, 3:40 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent: it is an instruction-only creative assistant that produces image-generation prompts and optionally calls an image generator; it requests no credentials, installs, or unusual system access.
Guidance
This skill appears coherent and low-risk from a security perspective: it only contains instructions for generating image prompts and optional image generation, and it asks for no credentials or installs. Before using it, consider:
1) The style prompts reference recognizable artists/IP (e.g., 'Jimmy Liao style', 'Genshin-like official art'); if you care about copyright or platform policy, avoid requesting exact artist imitations or check whether your image generator permits style mirroring.
2) The skill's allowed-tools include Read/Write and imageGenerate; confirm what those tools can access on your platform (for example, a Read tool could expose user files if misconfigured).
3) The skill will generate visual text content you may post publicly; avoid including private or sensitive personal data in prompts.
If you want additional assurance, request the author/source or a copy of any image-generation provider settings the skill will use.

Review Dimensions

Purpose & Capability
ok
The skill's name/description (creating 9:16 emotional card illustrations for social media) matches the SKILL.md: it defines styles, workflows, prompt templates, and optional use of an imageGenerate tool. There are no unrelated credentials, binaries, or config paths requested.
Instruction Scope
ok
SKILL.md stays on task: it instructs the agent how to interpret user input, choose/lock style, produce 3 copy options if needed, create complete image prompts, and incrementally add '萌点' (cute details) when requested. It does not direct the agent to read arbitrary system files, exfiltrate data, or send data to external endpoints. One note: it mentions using imageGenerate and a specific model name (gemini-3.1-flash-image-preview); this is a normal runtime preference, not a secret or file-access instruction.
Install Mechanism
ok
No install spec and no code files: this is an instruction-only skill. Nothing is downloaded or written during install, which minimizes filesystem risk.
Credentials
ok
The skill declares no required environment variables, no credentials, and no config paths. The requested capabilities (prompt generation and optional image generation) do not require additional secrets, so the lack of env/credentials is proportionate.
Persistence & Privilege
ok
always is false and the skill does not request permanent presence or modify other skills. It is user-invocable and can be called autonomously by the agent (platform default), which is expected for this kind of skill.