Skill v0.1.2

ClawScan security

Pencil Renderer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 11, 2026, 9:46 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's declared purpose (translate DNA codes to Pencil .pen frames) matches its instructions and references, and it requests no extra credentials or installs—behavior is internally consistent.
Guidance
This skill appears to do exactly what it says: translate DNA codes into Pencil frames using the Pencil MCP backend. Before installing, confirm that your platform's MCP integration is trusted and that any credentials for Pencil MCP are managed by the platform (not this skill). Note that MCP-side operations may include AI image generation (G(..., "ai", ...)) and creating/storing .pen files/screenshots — consider whether those outputs may be visible to other users or logs in your environment. If you rely on sensitive or proprietary DNA inputs, ensure the MCP service's data handling/privacy policies meet your requirements. No environment variables or local installs are required by the skill itself.

Review Dimensions

Purpose & Capability
ok
Name/description match the SKILL.md and reference files: all operations are calls to a Pencil MCP surface (mcp__pencil__*) to open documents, map DNA axes to Pencil properties, run batch design operations, and capture screenshots. Nothing in the package asks for unrelated cloud or system credentials or tools.
Instruction Scope
ok
Runtime instructions are narrowly scoped to Pencil MCP operations (get_editor_state, open_document, get_style_guide, batch_design, get_screenshot) and to deterministic DNA→Pencil mappings from the provided references. The only potentially notable operation is G(..., "ai", ...) which triggers MCP-side image generation — this is consistent with rendering and is called via the MCP API, not by the skill reading arbitrary system files or env vars.
Install Mechanism
ok
Instruction-only skill with no install spec, no external downloads, and no code executed locally — lowest install risk.
Credentials
ok
The skill declares no required environment variables, no primary credential, and no config paths. That matches its instructions which call the platform's MCP APIs rather than asking for secrets directly.
Persistence & Privilege
ok
always is false and there is no indication the skill modifies other skills or system settings. The skill can be invoked autonomously (platform default), which is expected for an orchestrator-invoked renderer.