Skill v0.0.4
ClawScan security
OpenStoryline Install · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Mar 16, 2026, 2:27 AM)
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requests and instructions are coherent with its stated purpose of installing/running FireRed-OpenStoryline from source; nothing in the package indicates misdirection or unexplained access needs.
- Guidance
- This skill appears to do what it says, but exercise normal caution before running installers and downloads: 1) Verify the GitHub repository URL and review scripts (especially download.sh) before running them; 2) Run installs in an isolated environment (repo-local .venv or container) and avoid running as root; 3) Be cautious when inserting API keys—store secrets securely and do not commit them to source control; 4) Prefer verifying checksums or trusted release sources for large model/resource downloads; 5) The included code files in the package are empty placeholders—inspect the real repo's scripts before executing. If you need higher assurance, ask for the download.sh contents and checksums or run the steps manually with supervision.
Review Dimensions
- Purpose & Capability
- ok: The name/description match the runtime instructions: cloning a GitHub repo, creating a Python venv, installing dependencies, downloading model/resource archives, filling config.toml, and starting services are all expected for a local install helper.
- Instruction Scope
- note: Instructions are focused on installation, configuration, verification, and starting services. They ask the agent to read README.md and config.toml (expected). Two minor issues to note: (1) download.sh pulls large model/resource archives from the network but the SKILL.md does not mention verifying checksums or sources; (2) it instructs filling API keys into config.toml — this is expected but users should avoid pasting secrets into public places. Otherwise there is no scope creep (no instruction to read unrelated system files or exfiltrate data).
- Install Mechanism
- ok: This is an instruction-only skill with no install spec, which is lowest-risk. The included code files are zero-length placeholders and there is no binary download/install declared by the skill itself.
- Credentials
- ok: The skill does not declare or require environment variables or credentials in its metadata. The instructions do ask users to provide LLM/VLM/TTS API keys in config.toml (expected for a local app that integrates external services). No unrelated secrets or service credentials are requested.
- Persistence & Privilege
- ok: The skill is not always-enabled and does not request elevated platform privileges. It instructs running local servers as part of the app workflow, which is expected for this purpose.
