Skillv1.0.0

ClawScan security

AI Game Asset Generation · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 4, 2026, 8:01 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This is an instruction-only guide for AI game asset generation; its requirements and instructions are consistent with the stated purpose and it does not request credentials or install code.
Guidance: This skill is an instruction-only guide and appears coherent with its purpose. Before running any of the example commands or scripts: 1) review and understand each shell/Python snippet — they operate on local files (for loops, rembg, ImageMagick, PIL/numpy) and may overwrite or process batches of images; run them in a safe/test directory or sandbox. 2) install required tools (rembg, ImageMagick, Python libs) from trusted sources. 3) be mindful of licensing and model TOS for the listed AI services and of copyright for any reference images you use. 4) the SKILL.md contains truncated/partial code in places — inspect and fix those snippets before use. If you need higher assurance, request a full dependency list from the publisher or run the commands in an isolated VM/container.

Purpose & Capability: okThe name/description match the content: prompt templates, tool recommendations, and post-processing workflows for 2D/3D assets and audio. The declared metadata requests no unrelated credentials, binaries, or config paths.
Instruction Scope: noteSKILL.md contains concrete commands and code snippets that operate on local asset files (rembg, ImageMagick convert, shell loops, Python PIL/numpy scripts) and example prompts for external AI services (Midjourney, Stable Diffusion, ElevenLabs, Suno, etc.). This scope is appropriate for an asset-generation guide, but the instructions will run local file-manipulation commands if executed as-is, so users should review snippets before running them.
Install Mechanism: okNo install spec and no bundled code — lowest-risk delivery. The skill is instruction-only and does not pull or execute external archives or packages itself.
Credentials: okThe skill declares no environment variables or credentials. Referenced external services are reasonable for the described purpose and no unrelated secrets are requested.
Persistence & Privilege: okalways is false and the skill does not request any persistent privileges, modify other skills, or access system-wide agent config.