Skill v0.0.2

ClawScan security

NewTest白木 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 14, 2026, 9:23 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's declared requirements and runtime instructions match its stated purpose (a CLI wrapper for a Narrator AI service); nothing requests unrelated credentials or surprising system access.
Guidance
This skill appears internally consistent for controlling the narrator-ai-cli. Before installing or providing an API key:
1) Verify the narrator-ai-cli GitHub repo and the referenced release/tag to ensure you trust the code that pip will install.
2) Limit the API key's permissions and rotate it if possible; the CLI stores the key in ~/.narrator-ai/config.yaml (SKILL.md says perms 0600) so check that file and its permissions.
3) If you do not want your agent to install packages autonomously, install the CLI manually in a controlled environment and keep the skill instruction-only.
4) Note the minor metadata mismatch (skill display name vs plugin.json) and the presence of contact info — these are not harmful but worth verifying the publisher identity.
If you need higher assurance, inspect the pip package source locally before installation.

Review Dimensions

Purpose & Capability
ok
Name/description promise (create AI-narrated videos) aligns with required binary (narrator-ai-cli) and declared primary env var (NARRATOR_APP_KEY). The instructions and examples all target the narrator-ai-cli and the Narrator API endpoints; requested items are expected for this functionality.
Instruction Scope
ok
SKILL.md is an instruction-only integration that tells the agent how to call the CLI and the service (upload, create tasks, query, stream). It references the CLI config file (~/.narrator-ai/config.yaml) and environment overrides (NARRATOR_SERVER, NARRATOR_TIMEOUT) which are relevant. It does not instruct reading unrelated system files or exfiltrating unrelated secrets. It also enforces user confirmation for resource selection.
Install Mechanism
note
The skill recommends installing the narrator-ai-cli via pip from a GitHub archive/git URL — a standard pattern. The package source is GitHub (reasonable), not an unknown personal server. Note: the top-level manifest in the evaluation summary said 'no install spec', but plugin.json and SKILL.md include a pip install spec; this mismatch is minor but worth noting because installation will fetch and install third-party code.
Credentials
ok
Only one required credential (NARRATOR_APP_KEY) is declared as primary and is appropriate for an API-driven CLI. SKILL.md mentions optional overrides (NARRATOR_SERVER, NARRATOR_TIMEOUT) but does not require additional unrelated secrets or keys.
Persistence & Privilege
ok
always:false (no forced global install). The skill stores its own config at ~/.narrator-ai/config.yaml (permission 0600); this is reasonable for a CLI-based integration. The skill does not request system-wide powers or modification of other skills.