v1.0.0

Podcast Show Notes Generator

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 1:35 AM.

Analysis

The show-notes workflow is mostly coherent, but the listed purchase-related capability is unrelated to generating podcast content and is not bounded by the instructions.

GuidanceReview the requested capabilities before installing. The show-notes instructions themselves are aligned with podcast content creation, but a podcast-writing skill should not need purchase or crypto-related authority. Only provide transcripts or audio you are comfortable having processed, and use trusted installations for any transcription tools such as Whisper or pyannote.audio.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityLowConfidenceHighStatusNote

SKILL.md

The agent will ask which mode to use and request file paths or pasted text.

The skill expects user-provided file paths or pasted transcripts and describes tool-driven processing, but this is aligned with the stated podcast transcription and show-notes purpose.

User impactThe agent may work with local audio/transcript files, so users should provide only the files they intend to process.

RecommendationKeep file access user-directed and confirm any tool use that reads local files.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

SKILL.md

Run Whisper (large-v3 by default) for transcription ... Speaker diarization (pyannote.audio)

The skill references external transcription and diarization components. They are purpose-aligned, but users should notice that dependency provenance and versions are not specified in the instruction-only package.

User impactUsers may need to rely on separately installed or provider-hosted audio-processing tools.

RecommendationDocument trusted installation sources and versions for Whisper and pyannote.audio if audio-file processing is intended.

Unexpected Code Execution

SeverityLowConfidenceHighStatusNote

SKILL.md

whisper episode-47.mp3 --model large-v3 --output_format json --word_timestamps True

The skill includes a local command example for audio transcription. This is expected for processing podcast audio, but it is still command execution against user-provided files.

User impactRunning transcription commands can read local audio files and consume local compute resources.

RecommendationOnly run transcription commands on intended files, and avoid broad or unreviewed file paths.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityMediumConfidenceMediumStatusConcern

metadata

Capability signals
- crypto
- can-make-purchases

Purchase-related and crypto-related capability signals are not explained by the podcast show-notes purpose and are not bounded by approval, scope, or reversibility instructions.

User impactA content-generation skill should not need financial or crypto-adjacent authority; if granted, that authority could create avoidable financial or account risk.

RecommendationRemove or disable purchase/crypto-related capabilities for this skill, or clearly document why they are needed and require explicit user approval before any financial action.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityInfoConfidenceHighStatusNote

SKILL.md

The agent ingests the audio or transcript, extracts metadata, structures the output for every distribution channel

The skill necessarily processes full episode content and extracts names, bios, links, topics, and mentions. This is purpose-aligned, but transcripts may contain private or pre-release information.

User impactPodcast transcripts can include personal details, guest information, unreleased business plans, or other sensitive content.

RecommendationReview transcripts before submission and remove confidential sections that should not be processed or reused in generated promotional materials.