ClawHub
Back to skill
v1.0.8

Materials Cli

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:53 AM.

Analysis

The tool mostly matches its stated image-rendering purpose, but its AI feature relies on an unreviewed local dependency that receives your OpenAI key.

GuidanceBefore installing, verify or replace the local materials-agents dependency with a trusted pinned package, use a dedicated OpenAI key, and only use the generate command with prompts and endpoints you are comfortable sharing.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
SeverityHighConfidenceHighStatusConcern
package.json
"materials-agents": "file:../materials-agents"

The package depends on a sibling local path rather than a pinned registry package, and that dependency is not part of the supplied source files.

User impactInstalling or running the AI generation command may load unreviewed local code, so behavior and credential handling can differ from the visible source.
RecommendationUse a build that pins or includes the materials-agents source, and review that dependency before installing or using the AI generation feature.
Unexpected Code Execution
SeverityLowConfidenceHighStatusNote
bin/materials-cli.js
const child = spawn(exec, args, {
  stdio: 'inherit',
  shell: process.platform === 'win32'
});

The CLI wrapper launches Node and forwards command-line arguments; this is purpose-aligned local code execution, but it explains the static exec warning.

User impactRunning the skill executes local Node package code in your terminal session.
RecommendationInstall only from a trusted package source and review dependencies before running the CLI.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityMediumConfidenceHighStatusConcern
src/commands/generate.ts
const apiKey = options.apiKey || process.env.OPENAI_API_KEY;
...
schema = await generateSchema(prompt.trim(), {
  apiKey,
  model: options.model || process.env.OPENAI_MODEL,
  baseUrl: options.baseUrl || process.env.OPENAI_BASE_URL,
});

The OpenAI API key is collected and delegated to materials-agents, with an optional custom base URL, rather than the reviewed code directly bounding the API call.

User impactYour API key could be used by dependency code that is not visible in the supplied artifacts, potentially affecting costs or data exposure.
RecommendationUse a dedicated, limited OpenAI key, prefer environment variables over command-line key flags, verify any base URL, and inspect the materials-agents dependency.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityLowConfidenceHighStatusNote
SKILL.md
Uses `OPENAI_API_KEY` (and optionally `OPENAI_MODEL`, `OPENAI_BASE_URL`) if not passed via flags.

The generate command is designed to communicate with OpenAI or an OpenAI-compatible endpoint; this is disclosed and purpose-aligned.

User impactPrompts used for AI generation may be sent to the configured AI provider.
RecommendationAvoid putting secrets in prompts and confirm the configured OpenAI-compatible endpoint before use.