script creator with github companion
Pass
Audited by ClawScan on May 1, 2026.
Overview
The skill is coherent and scoped, but it can make local script/Git changes and install Python packages when you approve a plan.
Install only if you want the agent to create and modify scripts under ~/.nanobot/workspace/test using Git. Before approving a plan, check the script path, requested edits, and any Python packages to be installed.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If approved, the agent can create or modify files and Git history inside the configured workspace.
The skill instructs the agent to run local shell and Git commands that create files, directories, repositories, and commits. This is purpose-aligned and confirmation-gated, but it is still local mutation authority.
mkdir <script_name> ... git init ... touch <script_name>.<extension> ... git add . ... git commit -m "Initial commit: <script_name>"
Review the proposed directory, filename, and changes before confirming; use simple script names and ensure the path stays under ~/.nanobot/workspace/test.
Approving dependency installation can change the Python environment and may install packages you did not intend if names are wrong or ambiguous.
The skill may install Python dependencies by package name. That is expected for script creation, but the instructions do not require pinning versions or verifying package provenance.
source ~/.nanobot/workspace/venv/bin/activate
pip install <package1> <package2> ...
deactivate
Confirm package names carefully, prefer trusted packages, and consider pinned versions for reproducible scripts.
A package installed for one script could change behavior or compatibility for other Python scripts in the same workspace.
The skill uses one shared virtual environment for package management, so dependency additions or conflicts from one script can affect other scripts that reuse that environment.
Python virtual environment: `~/.nanobot/workspace/venv` ... pip install <new_package>
Use the shared venv only if that is acceptable; for stronger isolation, create per-script virtual environments or document/pin dependencies.
