Skillv1.1.1

ClawScan security

[Nyx Archive] Game Design Philosophy · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignFeb 23, 2026, 7:15 PM

Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's claimed purpose (learning and adapting to a designer's instincts) matches its instructions and requested footprint; the main concern is privacy/vagueness around its 'always-on' passive learning behavior rather than any incoherence or unnecessary privileges.
Guidance: This skill is coherent with its description: it passively learns your game-design preferences from conversation and uses that to tailor advice. Before installing, consider privacy implications: 'observe and note' and 'always on' are vague — ask how long preferences are retained, whether data from unrelated chats could be used, and how to opt out or reset learned preferences. Because it's instruction-only and requests no secrets or installs, there's low technical risk, but review your agent's data-retention/permissions settings if you don't want personalization to persist across sessions.

Review Dimensions

Purpose & Capability: okThe name/description (adaptive game-design philosophy) aligns with the SKILL.md instructions: observe conversational signals about design preferences and apply them when giving guidance. There are no unrelated requests (no credentials, binaries, or config paths) that would contradict the stated purpose.
Instruction Scope: noteInstructions explicitly ask the agent to 'observe and note' design-related aspects of user conversation and then apply those learnings to future project work. That behavior is consistent with personalization, but the language is broad/vague (e.g., 'observe and note', 'always on'), which could result in harvesting context from unrelated conversations or retaining sensitive details unless constrained by agent policies.
Install Mechanism: okInstruction-only skill with no install spec and no code files; nothing is written to disk and no third-party packages are pulled in. Low install/remote-code risk.
Credentials: okSkill declares no required environment variables, credentials, or config paths. The requested data (conversation context) is appropriate for a personalization skill; no disproportionate secret access is requested.
Persistence & Privilege: notealways is false (not force-included) and autonomous invocation is allowed (the platform default). The SKILL.md's 'Passive Learning (Always On)' phrasing implies persistent behavioral adaptation across conversations, which is a privacy/retention concern but not an incoherence with its purpose. Users should verify platform data-retention and opt-out controls.