Mml
PassAudited by ClawScan on May 1, 2026.
Overview
This is a reference-only MML scene-building skill with no install code or credentials; the notable risks are expected MML features like client-side scripts and optional position/chat probes.
This looks safe to install as an instruction-only reference skill. Before publishing content it helps create, review any generated scripts, external asset URLs, links, frames, and position/chat probes, especially if the scene will be visited by other users.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A deployed scene could run scripted behavior for visitors, so mistakes or unsafe generated scripts could affect the scene experience.
The skill may help generate MML that runs client-side script logic in compatible runtimes. This is disclosed and central to interactive MML scenes, with no evidence of install-time or hidden local code execution.
MML supports scripting via inline `<script>` tags (standard DOM APIs).
Review generated `<script>` blocks and inline event handlers before publishing; avoid adding untrusted code or unnecessary network behavior.
If used in generated scenes, nearby users' movement or chat events may be processed by scene scripts.
The MML reference includes elements that can observe nearby users' position events and chat messages inside a scene. This is purpose-aligned for interactive environments, but it involves participant data flows.
## m-position-probe Track user positions within range. ## m-chat-probe Receive chat messages from nearby users.
Use position and chat probes only when needed, limit range and frequency, avoid storing or forwarding this data unless explicitly intended, and disclose the behavior to scene participants.