Back to skill
Skillv1.0.0
ClawScan security
Game Design Perceived Randomness Audit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 25, 2026, 9:02 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only audit skill whose requirements, files, and runtime instructions match its stated purpose and request no unrelated access or credentials.
- Guidance
- This skill is instruction-only and appears coherent with its stated purpose. Before installing, confirm your agent platform enforces the usual sandboxing (no unexpected file or network access) and be prepared to supply contextual details about the game feature when invoking the skill (the SKILL.md asks the agent to infer missing info cautiously). If you plan to feed private game data, ensure the platform's data handling/privacy policies meet your needs; the skill itself does not request credentials or external endpoints.
Review Dimensions
- Purpose & Capability
- okThe name and description match the SKILL.md and the two reference documents. The skill is an advisory/audit tool for perceived randomness in game design and does not request unrelated binaries, credentials, or config paths.
- Instruction Scope
- okAll runtime instructions focus on auditing randomness perception, list specific prompts and response structure, and point to two local reference files. The skill asks the agent to infer missing information cautiously and state assumptions — reasonable for a consulting-style skill and not an overbroad data-collection instruction.
- Install Mechanism
- okThere is no install spec and no code files to execute. This minimizes disk writes and arbitrary code execution; the skill is purely instruction/reference material.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths and the SKILL.md does not reference any external secrets or unrelated environment data.
- Persistence & Privilege
- okThe skill does not request always:true and uses the default model-invocation behavior. It does not attempt to modify other skills or system configuration and does not request persistent privileges.