Sillytavern Charactecard
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a purpose-aligned SillyTavern character-card import/export helper, with only low-risk cautions around local file handling and prompt-like card contents.
This skill is reasonable to use for SillyTavern character-card files. Before installing, note that it works with local files, lacks a public source/homepage in the metadata, and may display or preserve prompt-like fields from cards; treat imported card contents as untrusted data unless you intentionally use them.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may read a selected local card/image file and create an output file when asked.
The skill explicitly instructs the agent to read local files and generate exported files. This is purpose-aligned for importing/exporting character cards, but it is still local file tool use.
1. 使用 `read` 工具读取文件 ... 3. 生成文件 4. 返回文件路径
Only ask it to process files you intend to share with the agent, and confirm the desired export location/name to avoid accidental overwrites or disclosure.
A character card may contain instructions intended for roleplay systems; if mistakenly treated as agent instructions, it could influence the conversation.
SillyTavern cards can contain prompt-like fields. The artifacts show parsing and formatting these as card data, not executing them, but users and agents should treat imported card text as untrusted content.
"system_prompt": "系统提示词", "post_history_instructions": "历史后指令"
Treat all imported card fields as data for viewing/editing/exporting unless the user explicitly chooses to use them in a roleplay context.
Users have less context for who maintains the skill or where to audit its upstream source.
The registry metadata does not provide a source repository or homepage, which limits independent provenance verification. No remote install script or dependency risk is shown.
Source: unknown; Homepage: none
Install only if you trust the registry publisher, and review the included files before using it on sensitive character cards.