Mml
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A deployed scene could run scripted behavior for visitors, so mistakes or unsafe generated scripts could affect the scene experience.
The skill may help generate MML that runs client-side script logic in compatible runtimes. This is disclosed and central to interactive MML scenes, with no evidence of install-time or hidden local code execution.
MML supports scripting via inline `<script>` tags (standard DOM APIs).
Review generated `<script>` blocks and inline event handlers before publishing; avoid adding untrusted code or unnecessary network behavior.
If used in generated scenes, nearby users' movement or chat events may be processed by scene scripts.
The MML reference includes elements that can observe nearby users' position events and chat messages inside a scene. This is purpose-aligned for interactive environments, but it involves participant data flows.
## m-position-probe Track user positions within range. ## m-chat-probe Receive chat messages from nearby users.
Use position and chat probes only when needed, limit range and frequency, avoid storing or forwarding this data unless explicitly intended, and disclose the behavior to scene participants.