ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Scaffold Art Script

v1.0.0

Build or convert Art Blocks generative art scripts using artblocks-mcp. Use when helping a user create, scaffold, port, or convert an art script for Art Bloc...

0· 126·0 current·0 all-time
by@ryley-o
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description match the instructions (scaffolding and conversion for Art Blocks). The skill does not request unrelated credentials or binaries, which is appropriate. However, the instructions assume the existence of a helper API/command (scaffold_artblocks_project) and a custom resource URI (artblocks://generator-spec) that are not included in the package — this is a capability gap the user should be aware of.
Instruction Scope
SKILL.md stays within the scope of Art Blocks scaffolding (determinism, tokenData, window.$features, Flex dependencies). It does not ask the agent to read unrelated system files or secrets. Concern: it explicitly directs the agent to "fetch artblocks://generator-spec" and to run/use a function named scaffold_artblocks_project; because this is an instruction-only skill with no code, that fetch or function call may fail or cause the agent/platform to attempt nonstandard URI handling. The instructions are prescriptive and could cause unexpected external fetches if the platform honors the URI scheme.
Install Mechanism
No install spec and no code files — lowest-risk delivery. Nothing will be written to disk by an installer from this skill package itself.
Credentials
No environment variables, credentials, or config paths are requested. That matches the skill's stated purpose and reduces risk.
Persistence & Privilege
always is false and the skill does not request persistent/system-wide configuration. It does not request elevated privileges or modification of other skills.
What to consider before installing
This is an instruction-only skill that gives detailed, relevant guidance for creating or porting Art Blocks scripts and does not ask for secrets. Two things to check before using it: (1) The SKILL.md expects the agent/platform to be able to fetch a resource at artblocks://generator-spec — confirm whether your platform supports that URI scheme or provides that generator spec; otherwise the agent may fail or attempt an unexpected external fetch. (2) The document references a helper function scaffold_artblocks_project but provides no implementation; confirm whether your agent has an equivalent capability or whether the skill is meant as guidance for human/agent-authored code. If you want the agent to perform automated scaffolding that downloads dependencies (IPFS/Arweave), review and control those network accesses and any external assets before running. If you need, ask the skill author or publisher for the generator-spec source and an implementation of the scaffold function before trusting automated runs.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c5wpzzabh6m72bcdyra9gax837snd
126downloads
0stars
1versions
Updated 3h ago
v1.0.0
MIT-0
@ryley-o
latest
Download

Scaffolding Art Blocks Projects

Always Fetch the Generator Spec First

Before any art script work, fetch this MCP resource:

artblocks://generator-spec

It contains the authoritative reference for: tokenData structure, hash-based PRNG patterns, FLEX dependency types (IPFS, Arweave, ONCHAIN, Dependency Registry), supported script types and library versions, HTML structure requirements, and window.$features. It also includes the step-by-step conversion guide for porting existing scripts.

Scaffolding a New Project

Use scaffold_artblocks_project to generate a ready-to-run index.html + starter art script.

Parameters

ParamOptions / Notes
scriptType"js" (vanilla), "p5js", "threejs"required
dependencyVersionp5.js: "1.0.0" or "1.9.0" (default). Three.js: "0.124.0", "0.160.0", "0.167.0" (default). Ignored for "js".
includePostParamstrue — adds ONCHAIN/PostParams (PMP) stubs in tokenData and example usage
includeFlexDependenciestrue — adds IPFS and Arweave dependency stubs with usage patterns
includeFeaturestrue — adds window.$features trait assignment stub

Note on Three.js v0.167.0: uses ES module import maps instead of a global <script> tag. This affects script type detection on-chain — see the generator spec for details.

Other supported script types

scaffold_artblocks_project covers vanilla JS, p5.js, and Three.js. Art Blocks supports many more via the on-chain dependency registry: regl, Tone.js, Babylon.js, A-Frame, Paper.js, Zdog, Processing, and custom types. See artblocks://generator-spec for the full list and how to reference them.

Converting an Existing Script

When a user has an existing piece to convert to Art Blocks format:

  1. Fetch artblocks://generator-spec — it contains a detailed step-by-step conversion guide
  2. Use scaffold_artblocks_project with the matching scriptType to get the correct HTML shell
  3. Walk through conversion:

Conversion checklist:

  • Replace Math.random() with hash-based PRNG derived from tokenData.hash
  • Replace hardcoded canvas dimensions with window.innerWidth / window.innerHeight
  • Ensure the initial render is deterministic from the hash alone — same hash must always produce the same initial visual output
  • Interactive elements (mouse, keyboard, touch) are allowed and encouraged, but must not change the initial render. Interaction should only modify the view after the artwork has loaded deterministically.
  • Remove any time-based variation (Date.now(), setTimeout) that affects the initial render (time-based animation after load is fine)
  • Extract visual traits into window.$features (optional but recommended for reveals) — features must be set synchronously before or during initial render
  • Verify determinism: reload the page with the same tokenData.hash and confirm identical initial output

When to Enable Each Flag

FlagEnable when...
includeFeaturesScript has distinct visual categories worth exposing as traits
includePostParamsScript will have configurable on-chain parameters after minting (PMP)
includeFlexDependenciesScript loads external assets from IPFS or Arweave

Comments

Loading comments...