Skill v1.0.0

ClawScan security

Game Design Fogg Behavior Audit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 23, 2026, 5:12 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
This is an instruction-only game-design audit skill based on the Fogg Behavior Model; its files, instructions, and required surface are internally consistent and do not request credentials or install code.
Guidance
This skill appears low-risk and coherent: it only contains instructions and local reference files for doing Fogg-model audits and does not request credentials or install code. Before installing, consider these points: 1) avoid pasting real production credentials, player PII, or sensitive telemetry into prompts you send to the skill; 2) the skill can be invoked autonomously by the agent (platform default) — that is normal, but you should only allow autonomous use in agents you trust; 3) the recommendations it generates are behavioral design advice — review for ethical considerations (manipulative or privacy-invasive nudges) before applying in a live product. If you want higher assurance, ask the publisher for provenance (who authored the skill) or a changelog; nothing in the package itself contradicts its stated purpose.

Review Dimensions

Purpose & Capability
ok: Name, description, and included reference files match the stated purpose (auditing game features with the Fogg model). There are no unrelated required binaries, env vars, or config paths.
Instruction Scope
ok: SKILL.md contains explicit, scoped runtime instructions for performing behavioral audits and points to the included reference files. It does not instruct the agent to read unrelated system files, access external endpoints, or collect credentials.
Install Mechanism
ok: No install spec or code is included; this is instruction-only so nothing is written to disk or downloaded during install.
Credentials
ok: The skill declares no environment variables or credentials. The instructions do not reference secrets or other environment state beyond the included references.
Persistence & Privilege
ok: Skill is not forced-always and uses normal, user-invocable/autonomous-invocation defaults. It does not request persistent system privileges or modify other skills/config.