ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

blender-add-on-development

v1.0.0

Develop, debug, and upgrade Blender add-ons/plugins and `bpy` scripts with Blender 4.x and 5.x compatibility. Use when tasks involve generating new add-on co...

0· 332·2 current·2 all-time
by@seekerzero
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Blender add-on development) align with the included files and instructions: scaffolding script, compatibility references, and guidance for Blender 4.x/5.x. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md instructs the agent to read local references, generate code with scripts/scaffold_addon.py, run py_compile, and optionally run local Blender headless smoke tests if Blender is present. It does not instruct reading arbitrary system files, exfiltrating data, or calling external endpoints.
Install Mechanism
No install spec is present (instruction-only plus a local scaffold script). Nothing is downloaded or extracted from external URLs, so there is no install-time code injection risk.
Credentials
The skill requests no environment variables or credentials. The only runtime dependency it mentions is an optional local Blender binary (used only for optional smoke tests), which is appropriate for the stated purpose.
Persistence & Privilege
always is false and the skill does not request persistent system-wide changes or modify other skills. It only writes files to a user-specified output directory when the scaffold script is run.
Assessment
This skill appears coherent and safe for its purpose, but follow normal caution: review any generated add-on code before installing it into Blender, choose the output directory deliberately (the scaffold writes files there and may overwrite with --force), and only run Blender smoke tests using a Blender binary you control. The agent may invoke this skill autonomously (platform default) — that is expected, but if you want to restrict autonomous runs, disable model invocation in the agent settings. If you need higher assurance, run the scaffold script and any tests inside an isolated environment or temporary project folder first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97az3jf3mgc4sgkq810kzjg4582957x

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments