Skill v1.0.4

ClawScan security

Story generation pipeline skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 6, 2026, 8:44 AM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill generally does what its name says (a local story-generation pipeline), but the documentation and the bundled code disagree in two notable places (remote graph API vs. local JSON storage; AI retry limits), so review the code before use.
Guidance
This skill appears to be a self-contained, local story-generation pipeline that stores state and graphs under data/. Before installing or running it, consider the following:
- The documentation and code disagree in two places: (1) SKILL.md mentions graph API calls, but the code uses local JSON files; (2) SKILL.md says AI retries are capped at 3, but pipeline.py allows unlimited retries. Decide which behavior you expect, then inspect or modify the code to enforce the desired limit or storage behavior.
- The skill creates and modifies files under data/ (data/pipeline_state.json and data/graphs/*.json). If you run it in an environment with sensitive files, keep the working directory isolated and free of secrets.
- The included code requires no network endpoints or credentials, which reduces remote exfiltration risk. The skill does bundle runnable Python code, however, so review the files and make any changes you want (for example, retry caps, explicit user prompts, or logging controls) before enabling autonomous invocation. Re-check this after any update, since the documentation describes a remote graph API that the current code does not call.
- Source is unknown. If you plan to use this in production or with sensitive inputs, request provenance from the author or run it in a sandbox first. If you want strict behavior (for example, a hard limit on AI retries, or use of a remote graph service), change the code so that behavior is explicit, and document it.
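The retry discrepancy is the one a practitioner would most want closed before autonomous use. The following is an added example written for this review, not code from the skill's pipeline.py or process_ai_review (whose internals this page does not show). It contrasts the unbounded review loop the scan describes with one that enforces the documented cap of 3 and hands the draft to a human once the budget is spent. The names (run_review_cycle, ReviewOutcome, StubGenerator, reviewer_wanting, MAX_AI_RETRIES) and the stand-in generator and reviewer are assumptions.

```python
"""Bounded AI-review loop with escalation to human review.

Added example for this review page; not code from the skill's pipeline.py or
process_ai_review. ReviewOutcome, run_review_cycle, StubGenerator and
reviewer_wanting are assumed names; the generator and reviewer are stand-ins.
"""
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

# Cap promised by the skill's SKILL.md ("max 3 times"); the scan found that the
# bundled code does not enforce it.
MAX_AI_RETRIES = 3

Generator = Callable[[Optional[str]], str]       # feedback (or None) -> draft
Reviewer = Callable[[str], Tuple[bool, str]]     # draft -> (approved, feedback)


@dataclass
class ReviewOutcome:
    status: str                     # "approved" or "needs_human_review"
    draft: str
    ai_attempts: int                # review rounds consumed
    feedback: List[str] = field(default_factory=list)


def run_review_cycle_unbounded(generate: Generator, review: Reviewer) -> ReviewOutcome:
    """The pattern the scan flagged: regenerate until the reviewer approves.
    Never returns if the reviewer keeps rejecting; shown for contrast only."""
    draft = generate(None)
    attempts = 0
    while True:
        attempts += 1
        ok, feedback = review(draft)
        if ok:
            return ReviewOutcome("approved", draft, attempts)
        draft = generate(feedback)


def run_review_cycle(generate: Generator, review: Reviewer,
                     max_ai_retries: int = MAX_AI_RETRIES) -> ReviewOutcome:
    """Same loop with the documented cap. After max_ai_retries rejected rounds
    the model is not called again and the draft is escalated to a human."""
    if max_ai_retries < 1:
        raise ValueError("max_ai_retries must be at least 1")
    draft = generate(None)
    history: List[str] = []
    for attempt in range(1, max_ai_retries + 1):
        ok, feedback = review(draft)
        if ok:
            return ReviewOutcome("approved", draft, attempt, history)
        history.append(feedback)
        if attempt == max_ai_retries:
            break                       # budget spent: no further model call
        draft = generate(feedback)
    return ReviewOutcome("needs_human_review", draft, max_ai_retries, history)


class StubGenerator:
    """Constructed stand-in for the story generator: each revision adds a sentence."""
    def __init__(self) -> None:
        self.calls = 0
        self.draft = "Once upon a time, a small robot learned to tell stories."

    def __call__(self, feedback: Optional[str]) -> str:
        self.calls += 1
        if feedback is not None:
            self.draft += " It tried again."
        return self.draft


def reviewer_wanting(n_sentences: int) -> Reviewer:
    """Constructed stand-in for the AI reviewer: approves at n_sentences or more."""
    def review(draft: str) -> Tuple[bool, str]:
        count = draft.count(".")
        if count >= n_sentences:
            return True, ""
        return False, f"Need {n_sentences} sentences, got {count}."
    return review


if __name__ == "__main__":
    gen = StubGenerator()
    result = run_review_cycle(gen, reviewer_wanting(10))
    print(result.status, "after", result.ai_attempts, "AI rounds;",
          "generator called", gen.calls, "times")
```

The cap is enforced on the number of review rounds, so the model is called at most max_ai_retries times per draft regardless of how the reviewer behaves; the feedback history travels with the escalated draft so the human reviewer sees why the model kept rejecting it.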

Review Dimensions

Purpose & Capability
Status
note
Name/description match the code: generator, reviewer, graph manager, and state persistence are all present. Minor mismatch: SKILL.md and some textual descriptions mention calling a remote API for graph query/storage, but the included graph_manager.py implements only local JSON file storage under data/graphs. The functionality requested (graph queries, episode generation, AI review) is coherent with the stated purpose.
Instruction Scope
Status
concern
SKILL.md instructs LLM-driven prompts and local state/graph file usage, which the code follows. However, the control rules are inconsistent: SKILL.md states that AI review retries "max 3 times", while pipeline.py and process_ai_review allow unlimited AI retry attempts (and a top-line note says human review has no maximum). SKILL.md also implies graph operations may call a remote Graph API, whereas the code's graph_manager only reads and writes local JSON. Because of these discrepancies, runtime behavior may differ from what the documentation promises.
Install Mechanism
Status
ok
No install spec or external downloads are present; the skill is instructions plus bundled Python code that operates on local files. No network-based install URLs or third-party package pulls were found in the bundle. Installation risk is low, but the skill will read and write files in its data/ directory when executed.
Credentials
Status
ok
The skill declares no required environment variables or credentials, and the code does not access secrets or external credentials. It only uses local filesystem paths (data/pipeline_state.json and data/graphs). No disproportionate credential requests were detected.
Persistence & Privilege
Status
ok
always: false (not force-included), and the skill does not modify other skills or system settings. It persists state and graphs to data/ within the skill bundle path, which is normal for this kind of tool. No elevated platform privileges are requested.
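The Install Mechanism, Credentials, and Persistence findings above (no install URLs or package pulls, no credential access, writes confined to data/) are exactly the claims worth re-checking yourself before trusting a scan. What follows is an added example for this page, not ClawHub tooling or code from the skill: a small AST-based audit that flags network-capable imports and URL literals, subprocess and os process calls, os.environ access, and open() calls whose path is not under data/. The module lists, the data/ root, and both sample sources are constructed assumptions; the "remote" sample is the kind of code the scan says the bundle does not contain, included so the check has something to find.

```python
"""Static pre-install audit of a skill bundle's Python source.

Added example for this review page, not tooling from ClawHub or the skill.
It checks mechanically what the Install Mechanism, Credentials and
Persistence findings state: no network, process or credential access, and
file paths confined to data/. Module lists and the sample sources are
assumptions constructed for the demo.
"""
import ast
from pathlib import PurePosixPath
from typing import Dict, List, Optional

NETWORK_MODULES = {"socket", "http", "urllib", "requests", "httpx", "aiohttp", "ftplib", "smtplib"}
PROCESS_MODULES = {"subprocess"}
OS_PROCESS_ATTRS = {"system", "popen", "execv", "execvp"}
CREDENTIAL_ATTRS = {"environ", "getenv"}   # os.environ / os.getenv
ALLOWED_ROOT = "data"                      # the only directory the scan says the skill touches

Findings = Dict[str, List[str]]


def path_is_contained(path: str, root: str = ALLOWED_ROOT) -> bool:
    """True for a relative path whose first component is root and that has no '..' part."""
    p = PurePosixPath(path)
    return bool(p.parts) and not p.is_absolute() and ".." not in p.parts and p.parts[0] == root


def _static_prefix(node: ast.expr) -> Optional[str]:
    """Literal path, or the constant prefix of an f-string; None if fully dynamic."""
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value
    if isinstance(node, ast.JoinedStr) and node.values and isinstance(node.values[0], ast.Constant):
        return str(node.values[0].value)
    return None


def audit_source(source: str, filename: str = "<bundle>") -> Findings:
    """Walk the AST once and collect everything that contradicts a 'local only' claim."""
    findings: Findings = {"network": [], "process": [], "credentials": [], "paths": [], "dynamic_paths": []}

    def note(kind: str, node: ast.AST, msg: str) -> None:
        findings[kind].append(f"{filename}:{node.lineno} {msg}")

    for node in ast.walk(ast.parse(source, filename)):
        if isinstance(node, ast.Import):
            for alias in node.names:
                root = alias.name.split(".")[0]
                if root in NETWORK_MODULES:
                    note("network", node, f"import {alias.name}")
                if root in PROCESS_MODULES:
                    note("process", node, f"import {alias.name}")
        elif isinstance(node, ast.ImportFrom):
            root = (node.module or "").split(".")[0]
            if root in NETWORK_MODULES:
                note("network", node, f"from {node.module} import ...")
            if root in PROCESS_MODULES:
                note("process", node, f"from {node.module} import ...")
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if node.value.startswith(("http://", "https://", "ftp://")):  # endpoint or install URL
                note("network", node, f"URL literal {node.value!r}")
        elif isinstance(node, ast.Attribute) and isinstance(node.value, ast.Name) and node.value.id == "os":
            if node.attr in CREDENTIAL_ATTRS:
                note("credentials", node, f"os.{node.attr}")
            if node.attr in OS_PROCESS_ATTRS:
                note("process", node, f"os.{node.attr}")
        elif isinstance(node, ast.Call) and isinstance(node.func, ast.Name) and node.func.id == "open" and node.args:
            prefix = _static_prefix(node.args[0])
            if prefix is None:
                note("dynamic_paths", node, "open() with non-literal path; check containment at runtime")
            elif not path_is_contained(prefix):
                note("paths", node, f"open({prefix!r}) outside {ALLOWED_ROOT}/")
    return findings


def is_clean(findings: Findings) -> bool:
    return not any(findings.values())


# Constructed sample resembling what the scan describes for graph_manager.py.
SAMPLE_LOCAL = '''\
import json
STATE_FILE = "data/pipeline_state.json"

def save_graph(name, graph):
    with open(f"data/graphs/{name}.json", "w") as fh:
        json.dump(graph, fh)
'''

# Constructed sample of what the scan says is NOT in the bundle: a remote graph
# API with a token from the environment, a shell call, and a write outside data/.
SAMPLE_REMOTE = '''\
import os, subprocess
import requests
TOKEN = os.environ["GRAPH_API_KEY"]
ENDPOINT = "https://graph.example.invalid/query"
def query(q):
    return requests.post(ENDPOINT, json={"q": q}, headers={"Authorization": TOKEN})
def dump():
    with open("/tmp/out.json", "w") as fh:
        fh.write(subprocess.check_output(["id"]).decode())
'''

if __name__ == "__main__":
    for name, src in (("graph_manager.py", SAMPLE_LOCAL), ("remote.py", SAMPLE_REMOTE)):
        for kind, hits in audit_source(src, name).items():
            for hit in hits:
                print(f"[{kind}] {hit}")
```

To audit a real bundle, feed every .py file under the skill directory (for example via Path.rglob) to audit_source and refuse to enable autonomous invocation while is_clean is false or dynamic_paths is non-empty. The f-string check covers only the static prefix: a graph name containing ".." would still escape data/graphs/ at runtime, so a containment check on the resolved path belongs in the code itself, not only in the audit.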