Write

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill may fail to run as documented, or a user may need to adjust paths before using the helper scripts.

Why it was flagged

The documentation points to scripts under a scripts/ directory, while the provided file manifest contains root-level script files such as audit.sh and edit.sh. Users should verify the installed paths so the agent does not try to run a missing or unintended local script.

Skill content

Scripts in `scripts/`: `scripts/init-workspace.sh`, `scripts/new-piece.sh`, `scripts/edit.sh`, `scripts/audit.sh`, `scripts/list.sh`, `scripts/restore.sh`, `scripts/cleanup.sh`.

Recommendation

Confirm the actual script locations after installation and run only the packaged scripts you reviewed.

What this means

Some workflows may fail unless jq is already installed.

Why it was flagged

The helper scripts rely on jq, but the registry requirements declare no required binaries. This is an under-declared dependency rather than evidence of malicious behavior.

Skill content

jq --arg audit "audit_${TIMESTAMP}" --arg ts "$(date -Iseconds)"

Recommendation

Install jq if needed, and treat the shell helpers as local file-management tools.

What this means

Writing preferences or repeated corrections may be reused in later tasks, which can be helpful but may also carry stale or mistaken assumptions forward.

Why it was flagged

The skill contemplates persisting user writing preferences into SKILL.md, which can influence future writing behavior. This is purpose-aligned but is persistent agent context.

Skill content

Reference only — consult when deciding whether to update SKILL.md. ... User explicitly states preference ... User consistently edits same way

Recommendation

Review and prune saved Preferences/Never entries periodically, especially after one-off writing tasks.

What this means

Sensitive draft content, audience details, or research notes could be included in sub-agent context during writing workflows.

Why it was flagged

The workflow explicitly passes writing context to sub-agents. This is coherent with the skill’s drafting process, but users should know that briefs and research notes may be shared across delegated agent steps.

Skill content

Sub-agent receives task:
- Piece ID
- Brief (audience, tone, length)
- Research notes (if any)

Recommendation

Avoid placing highly sensitive personal or business information in briefs unless you are comfortable with it being used throughout the agent workflow.

What this means

Old draft versions can be removed if cleanup is run and confirmed.

Why it was flagged

The cleanup helper can delete old version files, but it is limited to the selected version directory and requires an explicit yes confirmation.

Skill content

read -p "Confirm deletion? (yes/no): " CONFIRM ... rm "$VERSION_DIR/$f"

Recommendation

Use cleanup only when a piece is final and keep enough versions for your rollback needs.