ClawHub

favicon-generator

v1.0.1

When the user wants to implement, optimize, or audit favicon and app icons. Also use when the user mentions "favicon," "app icon," "browser icon," "touch ico...

0· 139·0 current·0 all-time
by@kostja94
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (favicon/app-icon guidance) matches the SKILL.md content: sizes, formats, implementation notes, and SERP guidance are all appropriate and expected. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
Runtime instructions are focused on favicon implementation: checking project context files (.claude/project-context.md or .cursor/project-context.md), identifying tech stack, PWA status, assets, and producing tag/manifest suggestions. Reading project-context files is reasonable for brand-specific advice and is the only repository-file access requested.
Install Mechanism
No install specification and no code files — the skill is instruction-only, so nothing will be written to disk or downloaded. This is the lowest-risk install posture.
Credentials
The skill requests no environment variables, credentials, or config paths. Its guidance mentions third-party tools (e.g., RealFaviconGenerator, favicons npm) but does not attempt to install or require access to unrelated services or secrets.
Persistence & Privilege
always is false and the skill is user-invocable; disable-model-invocation is default (false) meaning the agent could call it autonomously — this is the platform default and not combined with other red flags here, so risk is low.
Assessment
This skill is an instruction-only helper for favicon and app-icon implementation and appears coherent with that purpose. Before installing or invoking it: be aware that it may read project context files (.claude/project-context.md or .cursor/project-context.md) to tailor advice — if those files contain sensitive data you don't want the agent to read, remove or redact them first. The skill may recommend external tools; verify any third-party tool or npm package before running it. No credentials or system installs are required by the skill itself.

Like a lobster shell, security has layers — review code before you run it.

latestvk978m798xvfxyrtwpfjpwj5pkx83rm96

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments