Skill v1.0.0
ClawScan security
Smart Illustrator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 9, 2026, 11:52 PM

- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's description (image/PPT generator) is plausible, but its runtime instructions reference API keys, home‑directory config files, clipboard access, and local scripts while the declared requirements list none — these mismatches warrant caution.
- Guidance: This skill is plausible for generating illustrations, but there are important mismatches you should understand before installing or running it:
  - The SKILL/README instruct the agent to use GEMINI_API_KEY and to call local scripts, yet the registry metadata declares no required environment variables or config paths. Treat that as a red flag: the skill will likely expect an API key and local files even if not declared.
  - If you clone the repo into ~/.claude/skills (as README suggests), inspect any scripts (the scripts/ directory) before running npx/bun on them. Executing unreviewed scripts from a repo can run arbitrary code on your machine.
  - Review the styles/*.md files: they contain long System Prompt text that the skill instructs the agent to extract and use as the System Prompt for generation. That effectively injects LLM instructions at runtime — review these prompts for undesired behavior before use.
  - Be cautious about automatic clipboard copying and files written under ~/.smart-illustrator and /tmp; sensitive content (articles, prompts) could be stored or exposed.

  If you must use it, run in a sandboxed environment, set API keys with least privilege, and keep the skill's files under version control so you can audit changes. If you want to proceed: ask the author for an explicit list of required env vars and an install script you can audit, or run the skill in a disposable environment until you've inspected the scripts and verified precisely which credentials are used and where data is written/transmitted.
Review Dimensions
- Purpose & Capability (concern): The skill claims to generate illustrations via Gemini/Excalidraw/Mermaid, which legitimately requires model API keys and export tooling. However, the registry metadata declares no required environment variables or config paths, while the README/SKILL.md repeatedly reference GEMINI_API_KEY, ~/.smart-illustrator config files, and scripts under ~/.claude/skills/smart-illustrator/scripts. That mismatch (declaring nothing but expecting credentials and local scripts) is incoherent.
- Instruction Scope (concern): SKILL.md instructs the agent to: read user-supplied article files, always read specific style files, extract System Prompt content from style files, write temporary prompt files under /tmp, auto-copy prompts to the clipboard, and invoke local export scripts (npx bun ~/.claude/skills/.../scripts/...). It also instructs writing/reading user-level config (~/.smart-illustrator) and cover learning records. These actions go beyond pure 'prompt generation' and require file I/O, home-directory access, and potentially network calls — and the skill declares none of these environment requirements.
- Install Mechanism (note): No install spec is declared (instruction-only), which is lower risk. But the README instructs users to clone a GitHub repo into ~/.claude/skills to obtain scripts; if users follow that, arbitrary scripts in that clone could be executed with npx/bun. Because the skill references local scripts that may not be part of the marketplace package, users who clone the repo should inspect those scripts before running them.
- Credentials (concern): The skill's runtime text and README clearly expect a GEMINI_API_KEY (and optionally other provider keys) and use of ~ and /tmp paths, but the registry 'required env vars' and 'required config paths' are empty. Additionally, the skill will write to ~/.smart-illustrator/cover-learnings.md and read style files that contain system-prompt content. Requesting or using API keys and home-file access is proportionate for an image generator — but those requirements should be declared; the omission is suspicious and makes it unclear what secrets might be used or transmitted.
- Persistence & Privilege (note): always:false (normal). The skill expects/encourages cloning files into ~/.claude/skills and will read/write user-level config under ~/.smart-illustrator; this is normal for a user-local tool but does persist data in the home directory. There is no explicit evidence it modifies other skills or system-wide configs, but it does instruct executing local scripts if present, which increases its runtime privilege when installed locally.
