Anki Card Creator
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a purpose-aligned local Anki card generator with no credential or network behavior, though it can read/write local files and its documentation overstates some implemented features.
This skill looks safe for local generation of simple Anki import files. Before using it, keep it confined to a study-materials folder, verify input and output paths, inspect generated cards before importing into Anki, and do not rely on the advertised PDF/image/download features unless additional reviewed code is supplied.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked with the wrong paths or too much autonomy, it could read an unintended local file or overwrite an output file.
The skill grants the agent local read/write/edit and shell capabilities. This is mostly aligned with a file-conversion workflow, but it is broader than the minimal TSV export and should be used only on intended files.
allowed-tools: [Read, Write, Bash, Edit]
Run it in a dedicated folder, review input and output paths before execution, and avoid letting it edit unrelated files.
A user who manually runs pip install against this file may see unnecessary package resolution or installation errors.
The file says no external dependencies are required but still lists standard-library modules. There is no install spec that automatically installs them, so this is a packaging/provenance hygiene issue rather than evidence of malicious behavior.
# No external dependencies required
# Uses Python standard library only
argparse
re
Do not install from requirements.txt unless it is corrected; the provided script only needs Python standard-library modules.
Users may expect reviewed media-download or PDF-processing behavior that is not actually present in the included implementation.
The documentation advertises advanced PDF, web, media download, and image features, while the provided code is a simple local text/TSV card generator. This is a functionality/trust mismatch, not evidence of exfiltration or destructive behavior.
- **Multi-Format Input**: PDF textbooks, lecture slides, notes, web articles
- **Media Integration**: Auto-download and embed relevant images
Use the included script only for simple text-to-TSV card generation unless additional PDF/media code is separately provided and reviewed.
