Figure Legend Gen

Pass

Audited by ClawScan on May 1, 2026.

Overview

The skill appears to be a user-directed figure-legend generator with no artifact-backed malicious behavior, though it asks users to run a local Python script and install unpinned dependencies.

This looks appropriate for generating figure legend text, but treat it like any local Python utility: review the code and dependencies before installing, provide only intended image paths, and clarify the documentation's Network/API claim before using it on confidential research figures.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using the skill may run local Python code and read a user-specified image path, with optional writing of a legend file.

Why it was flagged

The skill's documented workflow requires running a local Python script. This is disclosed and purpose-aligned, but users should notice that installation/use involves executing code.

Skill content

python scripts/main.py --input <image_path> --type <chart_type> [--output <output_path>]

Recommendation

Run it only from a trusted workspace and provide only intended input/output paths.

What this means

Dependency resolution could vary over time or across environments.

Why it was flagged

The dependency file lists packages without version pins. If the user follows the documented pip install step, packages may be resolved from the package index at install time.

Skill content

dataclasses
enum

Recommendation

Review dependencies before installing and prefer pinned, audited versions if this skill is used in a controlled environment.

What this means

A user may be unsure whether uploaded research figures remain local or could be sent to an external service.

Why it was flagged

The documentation describes Network/API capability and a risk row for external API calls, while the registry declares no credentials or required environment variables and the visible code does not show external API use.

Skill content

skill_type: Hybrid (Tool/Script + Network/API)

Recommendation

Clarify whether any network-backed vision or OCR service is actually used before processing sensitive or unpublished research figures.