v0.1.1

Paperbanana

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 6:14 AM.

Analysis

Paperbanana is transparent about using external AI providers, but its plot feature runs AI-generated Matplotlib code locally without clear containment in the artifacts, so it deserves careful review before installation.

Guidance: Install only if you are comfortable sending the relevant research text, images, and datasets to the chosen AI provider and with the plot workflow executing generated Matplotlib code locally. For safer use, run it in an isolated environment, avoid sensitive data, configure limited-scope provider keys with spending limits, and prefer pinned dependency versions.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Unexpected Code Execution
Severity: High. Confidence: Medium. Status: Concern.
README.md
For **statistical plots**, the Visualizer generates and executes Matplotlib code — producing true vector graphics.

The artifact explicitly says the plotting workflow executes generated code locally. That is aligned with plot generation, but the supplied artifacts do not describe sandboxing, import restrictions, filesystem/network limits, or a review step before execution.

User impact: A bad prompt, data file, or model output could lead to unintended Python code running in the user's local environment.
Recommendation: Use this skill for plots only in an isolated, low-privilege environment, avoid sensitive files, and prefer a version that documents sandboxing or lets users inspect generated code before it runs.
Agentic Supply Chain Vulnerabilities
Severity: Low. Confidence: High. Status: Note.
scripts/generate.py
dependencies = ["paperbanana[all-providers]>=0.1.2", "openai>=1.0"]

The script relies on uv to resolve and install external packages using lower-bound version constraints rather than exact pinned versions. The dependency is disclosed and central to the skill, but users should be aware that this makes the package trust boundary dynamic: what gets installed depends on whatever versions the index serves at install time.

User impact: Future package versions or transitive dependencies could change behavior compared with the reviewed artifact set.
Recommendation: Prefer pinned versions or a lockfile for reproducibility, and install from trusted indexes in an environment where dependency changes can be reviewed.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium. Confidence: High. Status: Note.
SKILL.md
This skill requires **at least one** of the following API keys ... `GOOGLE_API_KEY` ... `OPENAI_API_KEY` ... `OPENROUTER_API_KEY`

The skill needs provider credentials from local configuration. This is expected for provider-backed generation and no artifact shows key logging or unrelated transmission, but the keys authorize account usage and possible paid API calls.

User impact: Configured API keys can be used to generate diagrams and plots, potentially consuming paid provider credits.
Recommendation: Use dedicated API keys with billing limits where possible, configure only the provider you intend to use, and rotate keys if you later uninstall or distrust the skill.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium. Confidence: High. Status: Note.
SKILL.md
This skill sends user-provided data to **external third-party APIs** for diagram generation and evaluation: ... **Text content** ... **Generated images** ... **CSV/JSON data**

The skill clearly discloses that prompts, images, and plotting data are sent to Gemini, OpenAI, or OpenRouter. This is expected for the stated purpose, but it is an important data-boundary consideration.

User impact: Research text, figures, evaluation images, and datasets may leave the local machine and be processed by the selected AI provider.
Recommendation: Do not use confidential, proprietary, regulated, or unpublished data unless the selected provider and your organization permit that transfer.