Skillv1.1.0

ClawScan security

Game Design One-Page Design Doc · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 28, 2026, 7:20 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This skill is internally consistent: it generates a one‑page game design JSON/Markdown/PDF using a local Python renderer and requires only the ReportLab library and system fonts.
Guidance: This skill appears to do what it says: generate a compact game design JSON/Markdown and a styled PDF using a local Python script. Before running: (1) review the included script if you want to be sure it only writes files locally (it does); (2) be prepared to install reportlab via pip (network access to PyPI needed); (3) the renderer will search your system font directories for Poppins/Liberation fonts — install those if you want the preferred typography; (4) it writes output files into the current working directory by default, so run it in a safe location. If you want extra assurance, open scripts/render_one_page_gdd.py and inspect it (it contains no network calls, subprocess.exec, or credential usage).

Purpose & Capability: okThe name/description (one-page game design doc) match the included assets and code. The script and reference files support producing a structured JSON, markdown and a styled PDF; no unrelated services, credentials, or binaries are requested.
Instruction Scope: okSKILL.md restricts the agent to collecting required design inputs, producing structured JSON/Markdown, and calling the local renderer. It references only the included references/*.md files and the example JSON; it does not instruct reading arbitrary system files or sending data externally.
Install Mechanism: noteThere is no install spec; the runtime instructions ask the user to pip install reportlab. This is a reasonable, minimal dependency for PDF generation, but it does require network access to PyPI when installing.
Credentials: okThe skill requests no environment variables, credentials, or config paths. The renderer does probe common system font directories (expected for font fallback) but does not access secrets or remote endpoints.
Persistence & Privilege: okalways is false and the skill is user‑invocable. It does not request persistent presence or modify other skills or global agent configuration.