Skillv1.0.0

ClawScan security

Game Design KPI Coverage Audit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 22, 2026, 8:54 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is instruction-only and its requirements, included reference files, and runtime instructions match its stated purpose of auditing KPI coverage for game features.
Guidance: This is an instruction-only audit tool that uses only the included reference files and does not require credentials or installs. It appears coherent and low-risk, but consider what data you will feed it: if you supply sensitive internal metrics or proprietary roadmaps to the agent, those inputs could be exposed according to your environment's data-handling rules. If you want stricter control, limit the agent's autonomous invocation or avoid pasting sensitive dashboards and raw credentials into prompts.

Purpose & Capability: okName, description, and deliverables align with the required artifacts and included reference docs; there are no unexpected environment variables, binaries, or external services requested.
Instruction Scope: okSKILL.md stays on-topic: it instructs the agent to read the bundled reference files and produce an audit (feature read, KPI framing, blind spots, recommendations). It does not request system-wide file access, credentials, or transmission to external endpoints.
Install Mechanism: okNo install spec or code files are included; this is an instruction-only skill so nothing will be written to disk or downloaded during install.
Credentials: okThe skill declares no required environment variables, credentials, or config paths; the actions described do not imply a need for secrets or unrelated service access.
Persistence & Privilege: okalways is false and model invocation is allowed (platform default). The skill does not request persistent system privileges or modifications to other skills' settings.