Skillv1.0.0

ClawScan security

Game Design Novelty Spectrum Audit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 22, 2026, 3:16 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This is an instruction-only audit skill whose declared behavior, resources, and requirements are coherent with its stated purpose and do not request extra privileges or external installs.
Guidance: This skill appears coherent and low-risk: it only reads its included reference docs and asks the agent to produce a design audit. Before installing, consider provenance: the owner and homepage are not provided, so if you require vendor accountability you may want to verify the source first. Do not paste confidential or secret material into prompts you send to any third-party skill; this skill itself does not request credentials or make external network calls according to the package contents.
Findings: [no_code_files_to_scan] expected: The regex-based scanner found no code because this is an instruction-only skill (SKILL.md + reference markdown files). That is expected for a documentation-style audit skill.

Purpose & Capability: noteThe skill's name and description (game-design novelty audit) align with its contents: an instruction document plus three internal reference files. It requires no binaries, env vars, or external services. Note: the package has no homepage and the source/owner provenance is unknown, which is a trust/provenance note but not an incoherence with capability.
Instruction Scope: okSKILL.md directs the agent to read only the included references and produce a structured analysis (concept read, familiarity anchors, novel elements, etc.). There are no instructions to read system files, access environment variables, contact external endpoints, or exfiltrate data.
Install Mechanism: okThere is no install spec and no code files to install or execute. Being instruction-only, it does not perform downloads or create on-disk artifacts.
Credentials: okThe skill declares no required environment variables, credentials, or config paths. That is proportionate for a game-design auditing tool which only needs the concept text provided at runtime.
Persistence & Privilege: okalways is false and disable-model-invocation is false (normal). Autonomous invocation is allowed by default but the skill has no external access or secrets, so its potential blast radius is minimal.