iBlipper Expressive Typography - Remember reading is automatic!
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent runs the helper script on untrusted or adversarial message text, that text could trigger local code execution under the user's account.
The user-provided message is embedded directly into Python source code instead of being passed as a data argument. A message containing a closing triple-quote sequence could break out of the string and run Python statements locally.
python3 -c "import urllib.parse; print(urllib.parse.quote_plus('''$text'''))"Do not run the CLI helper on untrusted text until fixed. The script should pass the message as an argument, for example using python3 -c 'import urllib.parse,sys; print(urllib.parse.quote_plus(sys.argv[1]))' "$text".
Animated links will open code hosted outside the skill package, and the message text will be visible in the generated URL and to the page running in the browser.
The skill’s main output depends on a remote GitHub Pages app whose implementation is not included in the reviewed artifacts. This is expected for a link-generator skill, but it is still an external dependency.
**Base URL:** `https://andyed.github.io/iblipper2025/`
Use this for non-sensitive short messages, and review or trust the external site before relying on it for important communications.
If used, the agent may open an external web page and create a file in Downloads for attachment.
The optional GIF workflow asks the agent to open a browser to an external URL and then find a downloaded GIF. This is purpose-aligned, but it uses browser automation and local downloads.
browser action=open targetUrl="https://andyed.github.io/iblipper2025/?export=gif#text=Hello&emotion=emphatic" profile=chrome
Only use GIF export when you want a downloaded file, and review the generated file before sharing it.