Skill v0.2.1

ClawScan security

Chain-Referenced Shortform Video · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Reviewed: Mar 12, 2026, 2:26 PM
Verdict: Review
Confidence: high
Model: gpt-5-mini
Summary
The skill's film-language content matches its description, but its runtime instructions ask the agent to load absolute local project files and to run undeclared, unverified CLI surfaces — a mismatch that could let the agent read or write arbitrary user files or execute local tooling unexpectedly.
Guidance
This skill's guidance and reference docs are sensible for cinematic prompt engineering, but the runtime instructions tell the agent to load absolute local file paths (e.g., /Users/lebo/project/...) and to run CLI tools that the skill does not declare as requirements. That mismatch is risky because an agent following these instructions could read or write files on your machine or attempt to execute local commands. Before installing or enabling: (1) remove or edit the hard-coded absolute paths so the skill only uses its included references or uses user-supplied paths; (2) require and declare any CLI tools or binaries the skill will run (or avoid running them); (3) run the skill in a sandboxed environment if you must allow file access; (4) if you don't trust the source, prefer a copy of the SKILL.md that has the file-loading and CLI execution lines removed. If you want, I can produce a sanitized SKILL.md that removes absolute path references and makes required binaries explicit.
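Guidance items (1), (2) and (4) above are mechanical enough to script. The following is an added example written for this page, not ClawHub's scanner and not the skill's own code: it reads a SKILL.md, takes the binaries its front matter declares under requires.binaries, and flags absolute paths, command lines whose binary is undeclared, and sentences that instruct the agent to write a file; sanitize() then returns a copy with the path and CLI lines removed. The front-matter layout (requires: / binaries:) and the sample SKILL.md, which is constructed from the fragments quoted in this review, are assumptions; the regexes are heuristics, not a parser of the skill format.

```python
"""Lint a SKILL.md for the mismatches the verdict above calls out: hard-coded
absolute paths, CLI invocations the front matter does not declare, and
artifact writes; then emit a copy with the path/CLI lines removed."""
import re
from dataclasses import dataclass

# "~" or "/" followed by at least two segments (so relative references such as
# references/film-language.md and the "//" in URLs are not matched), or a
# Windows drive path. Segments may contain a glob such as *.py.
ABS_PATH = re.compile(r"(?<![\w./:])(?:~?(?:/[\w.*-]+){2,}|[A-Za-z]:\\[\w.\\*-]+)")
# A multi-token inline code span is treated as a command line, e.g. `uv run aivideo ...`;
# a single token such as `continuity_ledger.json` is not.
INLINE_CMD = re.compile(r"`([A-Za-z][\w.-]*)\s+[^`]+`")
# First token of a line inside a fenced block ("#" comments and FOO=bar do not match).
COMMAND_NAME = re.compile(r"[A-Za-z][\w.-]*")
# A sentence that tells the agent to write/save/create a file.
WRITES = re.compile(
    r"\b(?:writes?|saves?|creates?|appends?)\b[^.\n]*?([\w./-]+\.(?:json|ya?ml|md|txt|csv))\b",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Finding:
    line: int     # 1-based line in SKILL.md
    kind: str     # "abs_path" | "undeclared_binary" | "writes_artifact"
    detail: str   # the path, binary name or file that triggered it


def front_matter(text: str) -> list[str]:
    """Lines between the opening and closing '---' (empty if there is none)."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "---":
        return []
    for i in range(1, len(lines)):
        if lines[i].strip() == "---":
            return lines[1:i]
    return []


def declared_binaries(text: str) -> set[str]:
    """Collect requires.binaries from the front matter: '[a, b]' or '- a' items (assumed layout)."""
    found, in_list = set(), False
    for raw in front_matter(text):
        line = raw.strip()
        if line.startswith("binaries:"):
            inline = line[len("binaries:"):].strip().strip("[]")
            found.update(t.strip() for t in inline.split(",") if t.strip())
            in_list = True
        elif in_list and line.startswith("- "):
            found.add(line[2:].strip())
        else:
            in_list = False
    return found


def scan_skill(text: str) -> list[Finding]:
    """Walk the body (front matter skipped) and collect findings in line order."""
    declared = declared_binaries(text)
    fm = front_matter(text)
    skip = len(fm) + 2 if fm else 0        # front matter plus its two '---' lines
    findings, in_fence = [], False
    for n, line in enumerate(text.splitlines(), 1):
        if n <= skip:
            continue
        stripped = line.strip()
        if stripped.startswith("```"):
            in_fence = not in_fence
            continue
        for m in ABS_PATH.finditer(line):
            findings.append(Finding(n, "abs_path", m.group(0)))
        commands = INLINE_CMD.findall(line)
        if in_fence:
            tokens = stripped.removeprefix("$ ").split()
            if tokens and COMMAND_NAME.fullmatch(tokens[0]):
                commands.append(tokens[0])
        for name in commands:
            if name not in declared:
                findings.append(Finding(n, "undeclared_binary", name))
        m = WRITES.search(line)
        if m:
            findings.append(Finding(n, "writes_artifact", m.group(1)))
    return findings


def sanitize(text: str) -> str:
    """Drop lines that load absolute paths or run undeclared binaries (guidance
    items 1, 2 and 4). Artifact writes are reported, not removed."""
    drop = {f.line for f in scan_skill(text) if f.kind != "writes_artifact"}
    kept = [l for n, l in enumerate(text.splitlines(), 1) if n not in drop]
    return "\n".join(kept) + "\n"


def report(text: str) -> str:
    return "\n".join(f"line {f.line}: {f.kind} -> {f.detail}" for f in scan_skill(text))


# Constructed sample built from the fragments quoted in the review; not the real SKILL.md.
SAMPLE_SKILL_MD = """\
---
name: chain-referenced-shortform-video
version: 0.2.1
requires:
  binaries: []
  env: []
---
# Chain-Referenced Shortform Video

Read `references/film-language.md` and `references/review-rubric.md` first.
Load project-specific implementation files only if the user needs them:
`/Users/lebo/project/ai-video/src/ai_video_control/*.py`
To render, run `uv run aivideo ...` from the project root.
Write the shot plan to continuity_ledger.json after each pass.
"""

if __name__ == "__main__":
    print(report(SAMPLE_SKILL_MD))
    print("--- sanitized ---")
    print(sanitize(SAMPLE_SKILL_MD))
```

Running it against the sample reports the absolute path, the undeclared `uv` binary and the `continuity_ledger.json` write; declaring `uv` in requires.binaries makes the CLI finding disappear, which is exactly the fix guidance item (2) asks for. The heuristics deliberately miss single-segment paths such as /tmp and inline spans that are not commands, so treat the output as a pre-install triage aid, not a proof of safety.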

Review Dimensions

Purpose & Capability
Note: The skill's name, description, and included reference files (film-language, repo-mapping, review-rubric) are coherent with cinematic prompt-engineering and continuity tasks. However, the SKILL.md also references running CLI commands (e.g., 'uv run aivideo ...') and project-specific code paths that are not declared as required binaries or dependencies, which is inconsistent with the 'instruction-only, no requirements' metadata.
Instruction Scope
Concern: The runtime instructions explicitly tell the agent to load local absolute paths (e.g., /Users/lebo/project/ai-video/src/ai_video_control/*.py). The skill metadata declares no required config paths or credentials, yet the instructions grant the agent discretion to open arbitrary project files and to 'load project-specific implementation files only if the user needs them', an open-ended directive that could cause the agent to read sensitive local files. The SKILL.md also suggests writing artifacts (continuity_ledger.json) and running CLI surfaces, which expands the skill's runtime I/O beyond the capabilities it declares.
Install Mechanism
OK: This is an instruction-only skill with no install spec and no code files to execute; that is the lowest-risk install posture. There are no download URLs or extract steps.
Credentials
Note: The skill declares no environment variables or credentials, which is appropriate for a purely advisory/crafting skill. That said, the instructions reference running a CLI ('uv run aivideo ...') and reading/writing repository artifacts, so the skill implicitly expects local tooling and filesystem access even though none of these are declared in requires.env or required binaries.
Persistence & Privilege
OK: The skill does not request 'always: true' and does not appear to modify other skills or system-wide agent settings. Autonomous invocation is permitted by platform defaults but is not by itself a red flag here.