blender-add-on-development
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is coherent for Blender add-on development and only shows user-directed local code generation and validation behavior.
This appears safe for its stated Blender development purpose. Before using it, confirm the output directory, avoid --force unless intentional, and review generated Python before running it in Blender.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If pointed at the wrong directory or run with --force, the scaffold could overwrite existing add-on files.
The scaffold script can create files in a user-chosen directory and can overwrite existing scaffold files when --force is used. This is expected for a generator, and the default path prevents overwrites unless explicitly requested.
parser.add_argument("--output", default=".", help="Directory where the add-on package folder will be created.")
...
parser.add_argument("--force", action="store_true", help="Overwrite existing files in an existing add-on directory.")
Choose the output directory carefully and avoid --force unless you have backed up or reviewed the target files.
A smoke test or generated add-on script will run locally if the agent/user executes the Blender validation command.
The workflow includes optional execution of Python inside Blender for validation. This is purpose-aligned for add-on development, but it is still code execution in the local Blender environment.
If Blender binaries are available, run headless smoke tests:
- `blender --background --factory-startup --python <smoke_test.py>`
Review generated or modified Python files before running Blender smoke tests, especially when task inputs come from untrusted sources.
