Skillv1.0.3

ClawScan security

Novel Assistant · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 8, 2026, 3:40 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's requirements, instructions, and included scripts are coherent with a local novel-assistant: it reads/writes local memory Markdown files, runs a local compression script, and suggests optional Git usage; nothing indicates unexplained external access or disproportionate privileges.
Guidance: This skill appears coherent with its stated purpose and contains local scripts to compress and back up your novel memory files. Before installing or running: (1) inspect the two scripts (they are included) and confirm you are comfortable with them renaming the original file to <file>.md.bak and overwriting the original; (2) keep an independent backup/copy of important memory files before first run; (3) the skill may suggest Git commands — those will use your existing git configuration and network remotes if you run them, so ensure you understand any remote push/pull implications; (4) run the compression script on a test file first to verify behavior. If you want a higher safety barrier, run these scripts in a sandbox or on copies of your files.

Purpose & Capability: okName/description (novel writing, memory file management, backups, compression) match the included SKILL.md and the two compression scripts. No unrelated env vars, binaries, or installs are requested.
Instruction Scope: noteInstructions explicitly tell the agent to read/write local memory files (memory/novels/{name}.md), backup files, run local compression scripts, and optionally run Git commands. This is within expected scope. Note: the scripts rename the original file to <file>.md.bak and overwrite the original with the compressed version — users should be aware this mutates files and keep external backups if needed.
Install Mechanism: okNo install spec and no remote downloads; the skill is instruction-only with two bundled scripts. This is low-risk compared to network installation.
Credentials: okNo environment variables, credentials, or config paths are required. The SKILL.md suggests optional Git usage (which would use the user's existing git credentials if they push/pull), but the skill itself doesn't request or embed any secrets.
Persistence & Privilege: okalways:false and no system-wide configuration changes are requested. The skill performs local file operations (read/write/backup) within user workspace paths; it does not modify other skills or global agent settings.