Back to skill
Skillv1.0.0
ClawScan security
blender-add-on-development · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 4, 2026, 6:52 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, instructions, and requirements match its stated purpose (scaffolding and advising on Blender add-ons); it does not request unrelated credentials, install arbitrary software, or contact external endpoints.
- Guidance
- This skill appears coherent and safe for its purpose, but follow normal caution: review any generated add-on code before installing it into Blender, choose the output directory deliberately (the scaffold writes files there and may overwrite with --force), and only run Blender smoke tests using a Blender binary you control. The agent may invoke this skill autonomously (platform default) — that is expected, but if you want to restrict autonomous runs, disable model invocation in the agent settings. If you need higher assurance, run the scaffold script and any tests inside an isolated environment or temporary project folder first.
Review Dimensions
- Purpose & Capability
- okName/description (Blender add-on development) align with the included files and instructions: scaffolding script, compatibility references, and guidance for Blender 4.x/5.x. No unrelated credentials, binaries, or config paths are requested.
- Instruction Scope
- okSKILL.md instructs the agent to read local references, generate code with scripts/scaffold_addon.py, run py_compile, and optionally run local Blender headless smoke tests if Blender is present. It does not instruct reading arbitrary system files, exfiltrating data, or calling external endpoints.
- Install Mechanism
- okNo install spec is present (instruction-only plus a local scaffold script). Nothing is downloaded or extracted from external URLs, so there is no install-time code injection risk.
- Credentials
- okThe skill requests no environment variables or credentials. The only runtime dependency it mentions is an optional local Blender binary (used only for optional smoke tests), which is appropriate for the stated purpose.
- Persistence & Privilege
- okalways is false and the skill does not request persistent system-wide changes or modify other skills. It only writes files to a user-specified output directory when the scaffold script is run.