Back to skill
Skillv0.1.0
ClawScan security
Transition Design · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 3, 2026, 11:00 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requested resources and instructions match its stated purpose (designing frame-level transitions) and it does not request unrelated credentials, installs, or external endpoints.
- Guidance
- This skill appears internally consistent and low-risk: it only contains guidance and two reference KB files for calculating handles and selecting transitions. Before using it, ensure you supply the required clip metadata and frame-level assets (or another skill that provides them). Don’t grant unrelated credentials or broad filesystem access to the agent on behalf of this skill. If you plan to automate frame analysis, verify which tool will provide motion/lighting data and that those tools are trusted.
Review Dimensions
- Purpose & Capability
- okName/description (设计转场) align with the content: the skill only needs clip metadata, frame-level visual analysis, and the included KBs. No unrelated binaries, env vars, or config paths are required.
- Instruction Scope
- noteSKILL.md stays within scope (analyze adjacent clip boundary frames, validate handles, choose transition type, emit design instructions). It references the provided reference docs only. One operational ambiguity: it assumes access to '粗剪数据' and frame-level visual content (motion vectors, lighting, composition) but does not specify how those are supplied — this is an operational requirement, not a security mismatch.
- Install Mechanism
- okInstruction-only skill with no install spec and no code files. Nothing is written to disk or downloaded during install.
- Credentials
- okNo environment variables, credentials, or config paths are requested. The skill only needs clip metadata and frame analysis inputs, which are proportional to its purpose.
- Persistence & Privilege
- okalways is false and the skill does not request elevated or permanent presence or modify other skills. Autonomous invocation is allowed (platform default) and is not combined with other red flags.