Back to skill
Skillv1.0.0
ClawScan security
Game Design Player Persona Extractor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 26, 2026, 8:15 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only persona-extraction skill whose files and runtime instructions align with its stated purpose and it requests no credentials, binaries, or installs.
- Guidance
- This skill is coherent and low-risk: it is a local, instruction-only analyzer that reads the included reference docs and the design text you provide. Before installing or running it, do not paste sensitive secrets or proprietary documents you don't want processed. Verify the included reference files yourself (they're human-readable) to ensure no unexpected endpoints or instructions are present. If the skill is later changed to add network calls, downloads, or required credentials, reassess — those would be legitimate reasons to consider it suspicious.
Review Dimensions
- Purpose & Capability
- okThe skill's name, description, and SKILL.md all describe extracting player personas from a described design. It is instruction-only, includes only reference docs and guidance files, and does not request unrelated credentials, binaries, or system access.
- Instruction Scope
- okRuntime instructions are limited to reading the included reference files and analyzing the design text the user provides. The SKILL.md does not instruct the agent to read arbitrary system files, access environment variables, call external endpoints, or exfiltrate data. The guidance properly limits demographic analysis to when the user explicitly requests it.
- Install Mechanism
- okNo install spec or code files are present; this is an instruction-only skill. That minimizes disk writes and remote downloads and is proportionate to the stated functionality.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. There is no apparent need for secrets or platform access to perform the described analysis.
- Persistence & Privilege
- okFlags show always:false and normal user-invocable/autonomous invocation defaults. The skill does not request permanent system presence or modify other skills or system-wide settings.