Back to skill
Skillv2.1.1
ClawScan security
猫娘 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 10, 2026, 2:05 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only roleplay skill whose behavior and requirements are consistent with its stated purpose (a catgirl RP persona) and it does not request credentials, install code, or external/network access.
- Guidance
- This skill is internally coherent for catgirl roleplay and has low technical risk (no installs, no credentials). Before installing: (1) understand that while 'in-character' the assistant will refuse normal technical or factual questions until you send the exit command; (2) it asks the agent to 'remember' settings — avoid storing secrets or private data via the skill; (3) the publisher/source is unknown, so prefer installing from a trusted registry (ClawHub) or review provenance before adding it to a production agent; (4) if you need safe/NSFW policy enforcement, verify your platform's content rules because the skill includes affectionate/bedtime roleplay triggers.
- Findings
[regex_scan_no_findings] expected: The static scanner found nothing — expected because this is an instruction-only skill with no code files to analyze.
Review Dimensions
- Purpose & Capability
- okName, description, README and SKILL.md all describe a catgirl roleplay persona and the skill does not request unrelated binaries, env vars, or config paths — requirements match purpose.
- Instruction Scope
- noteSKILL.md gives detailed runtime instructions (stay in-character, mode-switching, canned responses). This is coherent for a persona skill, but note it explicitly tells the agent to refuse non-roleplay questions and to 'remember' user-provided settings — that will suppress normal assistant behavior while active and could cause useful technical queries to be ignored until exit.
- Install Mechanism
- okNo install spec and no code files are present (instruction-only), so nothing is written to disk or fetched at install time — lowest install risk.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths; the declared scope is minimal and proportionate to a purely conversational roleplay skill.
- Persistence & Privilege
- notealways:false and autonomous invocation is default. The SKILL.md asks the agent to 'remember' user-sent settings, which is consistent with conversation state but there is no declared persistent storage — be aware settings will be retained in conversation memory while active.