ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Blender Animation

v1.0.1

Generate and render 3D animations using Blender headless mode, including scene setup, object and camera animation, lighting, and output to MP4 video.

0· 155·0 current·0 all-time
byVignesh G@vignesh8164

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for vignesh8164/blender-animation.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Blender Animation" (vignesh8164/blender-animation) from ClawHub.
Skill page: https://clawhub.ai/vignesh8164/blender-animation
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install blender-animation

ClawHub CLI

Package manager switcher

npx clawhub@latest install blender-animation
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill intends to run Blender in headless mode, which is coherent with its purpose, but the package metadata does not declare Blender as a required binary. skill.json lists only 'bash' as a tool; the SKILL.md expects a 'blender' binary on PATH. There's also a version mismatch: registry metadata version is 1.0.1 while skill.json contains 1.0.0. These inconsistencies mean the runtime requirements are not fully declared.
!
Instruction Scope
Runtime instructions direct the agent to generate a Blender Python script and execute it with Blender. A Blender (bpy) Python script has full access to Python runtime inside Blender and can: read arbitrary files, open network connections, call subprocesses, or perform other side effects. The SKILL.md lists prohibitions (no arbitrary shell commands, no access to /etc or /home), but there is no mechanism in the skill to enforce those limits — the generated script itself could violate them. The script path is /tmp/blender_script.py (attacker-writable location), increasing risk of accidental/intentional injection or replacement if the environment isn't isolated.
Install Mechanism
There is no install spec (instruction-only skill) and only a tiny wrapper script. That minimizes what the skill writes to disk. No remote downloads or extraction are present in the bundle.
Credentials
The skill declares no required environment variables or credentials, which is proportional. However, it implicitly requires a local 'blender' binary and access to /tmp; the absence of a declared binary requirement is an omission that could cause accidental misconfiguration or unexpected behavior.
Persistence & Privilege
The skill is not always-enabled and is user-invocable. It does not request persistent privileges or modify other skills. Autonomous invocation is allowed by default but not unusual and not in itself flagged here.
What to consider before installing
This skill will create and run a Blender Python script you or the agent generates. That script runs inside Blender's Python environment and can perform arbitrary file and network operations — the SKILL.md's stated 'no network / no sensitive files' rules are advisory only and not enforced by the skill. Before installing or invoking: - Only run this skill in a strict sandbox (container/VM) with no access to host files, credentials, or network unless explicitly needed. - Do not run unreviewed generated Blender Python scripts. Always inspect the script saved to /tmp/blender_script.py before execution. - If you control the environment, modify scripts/run_blender.sh to safely quote the path (use "blender -b -P "$SCRIPT_PATH" ...") to avoid shell-word-splitting/injection, and consider running blender under a user with minimal permissions. - Ensure the host has Blender installed and that you are comfortable granting it execution rights; the skill metadata does not declare this requirement. - If you need stronger guarantees, add runtime controls: disable Python execution in Blender if possible, restrict network egress, and mount /tmp to an isolated volume. Given these gaps between claimed constraints and what is actually executable, treat this skill as potentially dangerous unless used only in tightly sandboxed, monitored environments.

Like a lobster shell, security has layers — review code before you run it.

latestvk977mmb4vf2kek5e2jh45cy3t583qcgt
155downloads
0stars
2versions
Updated 1mo ago
v1.0.1
MIT-0
Vignesh G@vignesh8164
latest
Download

# Blender Animation Skill

## Purpose

This skill enables automated 3D animation generation using Blender in headless mode. It is designed for controlled, programmatic scene creation and rendering workflows in server or agent environments.

---

## When to use

Use this skill when:

- Generating 3D animations programmatically

- Creating motion graphics using Blender

- Rendering animation output without GUI

- Automating scene setup, lighting, and camera movement

Do NOT use this skill for:

- Arbitrary system command execution

- File system exploration outside task scope

- Network-based operations unless explicitly required

---

## Capabilities

- Scene creation using Blender Python (bpy)

- Object animation and transformations

- Camera setup and motion

- Lighting configuration

- Rendering animation to MP4 format

- Headless execution (no GUI)

---

## Execution Model

1. Generate a Blender Python script

2. Save script to:

/tmp/blender_script.py

3. Execute Blender in headless mode using:

scripts/run_blender.sh

4. Output is saved to:

/tmp/output.mp4

---

## Safety & Constraints

- Execution is limited to Blender-related operations only

- No arbitrary shell commands outside the defined script runner

- No modification of system files outside /tmp

- No access to sensitive directories (e.g., /etc, /home)

- Network access should not be used unless explicitly required

- Scripts must only perform scene creation and animation tasks

- Avoid large resource usage (default animation limit: 10 seconds)

---

## Sandbox Expectation

This skill is intended to run in a controlled or sandboxed environment such as:

- Containerized execution (Docker)

- Restricted agent runtime

- Limited-permission server environment

---

## Rules

- Always run Blender in headless mode

- Never open GUI

- Always generate a Python script before execution

- Keep animations under 10 seconds unless specified

- Always return output file path and logs

---

## Output

Return:

- Rendered video file (/tmp/output.mp4)

- Blender Python script used

- Execution logs

---

## Transparency Notice

This skill executes generated Python scripts within Blender.

Users should review generated scripts if operating in sensitive environments.

---

## Version

v1.0.1 — Security and safety improvements added

Comments

Loading comments...