High-Precision 3D Web Optimize
PassAudited by ClawScan on May 9, 2026.
Overview
The skill is a coherent local 3D model optimizer; review the optional Node/npm template before running because it executes local code and uses unpinned dependencies.
This appears safe for its intended use: optimizing local 3D assets. Before installing or running the reference workflow, pin the npm dependency versions, run it in a controlled project folder, and keep original model backups.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the template command will execute local code to process model files and write outputs.
The template is intended to run a local Node.js helper script. This is expected for an asset-optimization workflow, but it still means local code runs with the user's filesystem permissions.
"scripts": { "optimize": "node references/optimize-glb.mjs" }Run it intentionally in a project/work directory, review the script first, and keep backups of original assets.
A future or compromised dependency version could change behavior if the user installs from this template later.
The dependency template uses unpinned "latest" versions, so the exact installed code can change over time and is not reproducible from the reviewed artifact alone.
"@gltf-transform/core": "latest", "@gltf-transform/extensions": "latest", "@gltf-transform/functions": "latest", "draco3dgltf": "latest", "meshoptimizer": "latest", "sharp": "latest"
Pin dependency versions, use a lockfile, and install only from trusted package registries before running the optimizer.