Back to skill
Skillv1.0.0
ClawScan security
Game Design Flow Audit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 26, 2026, 8:15 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only game-design audit that asks for no credentials, binaries, installs, or external endpoints and its instructions stay within the stated purpose.
- Guidance
- This skill appears internally consistent and low-risk because it's instruction-only and asks for nothing external. Before using, avoid pasting private or sensitive documents (proprietary code, player PII, unreleased assets) into the audit prompt — the analysis produces derived text and may be logged by the agent environment. If you have a policy against autonomous skill invocation, confirm your agent's model-invocation settings (the skill can be invoked by the model by default, but 'always' is false). If you need guarantees about data not leaving your environment, run the audit in a controlled/local instance or sanitize inputs before submission.
Review Dimensions
- Purpose & Capability
- okName, description, and included files (SKILL.md plus two reference docs) all describe a Flow-focused game-design audit. The skill declares no env vars, binaries, or installs — nothing requested is unrelated to performing a design audit.
- Instruction Scope
- okSKILL.md contains detailed, bounded runtime instructions for producing an audit (phases, templates, output structure). It only references the included reference files and does not instruct the agent to read system files, environment variables, or contact external endpoints. No vague 'gather whatever you need' statements that would grant broad discretion.
- Install Mechanism
- okNo install spec or code files are present; this is instruction-only, so nothing is written to disk or fetched at install time.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths. There are no secret-named env vars or unrelated credential requests that would be disproportionate.
- Persistence & Privilege
- okSkill flags show default behavior (always: false, user-invocable: true, model invocation allowed). It does not request permanent inclusion or modification of other skills or system-wide settings.