Skill v1.0.0
ClawScan security
Liyou Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 13, 2026, 6:14 PM
- Verdict: Benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's files, scripts, and runtime instructions align with its stated purpose as a creative IP assistant; no code or requirements appear disproportionate, though a few vague integration behaviors deserve attention before install.
- Guidance: This skill is internally consistent with its creative purpose: its reference docs and two Python scripts are benign and match the described features (SD prompt generation, novel organization, world-building sync). Before installing, confirm two points: (1) What does 'memory/' map to in your agent environment, and could it include sensitive files? (2) Where do the saveNovelChapter/updateSetting/addSettingSubItem calls actually send data and what credentials or permissions are used? If those API endpoints are provided by your platform (Claw) and are properly scoped, the behavior is expected. If you cannot verify the target endpoints or permission model, run the skill in a sandboxed environment first, and review logs/permission prompts for any automatic syncing. If you need higher assurance, ask the skill/provider to document the exact API endpoints and required scopes, or to remove automatic remote-sync behavior so you can confirm changes before they are sent.
Review Dimensions
- Purpose & Capability (ok): Name/description (character design, SD prompts, novel organization, world-building management) match the provided files: templates, references, and two scripts (SD prompt generator and novel organizer). There are no unrelated environment variables or binaries requested.
- Instruction Scope (note): SKILL.md instructs the agent to read local reference files (references/*.md), use/modify references/lore-database.md, read a 'memory/' directory for latest progress, run the included scripts, perform web_search, and call application APIs (saveNovelChapter, updateNovelChapter, addSettingSubItem, updateSetting) to sync content. These behaviors are coherent with the stated purpose but are somewhat vague about the exact 'memory/' path and the destination/authorization for the API calls; that ambiguity could lead to broader file reads or unexpected remote writes if not constrained by the platform.
- Install Mechanism (ok): No install spec (instruction-only skill with bundled scripts). No network downloads or package installs; the included Python scripts are simple and local-file oriented. Low install risk.
- Credentials (note): The skill declares no required env vars or credentials, which fits its local-file and UX-focused tasks. However, SKILL.md expects the skill/agent to call platform APIs to sync content; if those APIs require credentials or elevated permissions in the host environment, that is not documented here. Also, 'memory/' access could surface user data depending on how the agent's memory is implemented.
- Persistence & Privilege (ok): 'always' is false and the skill does not request persistent system-wide privileges. It writes only to its own reference files and to user-specified output paths when the scripts are run. It does instruct automatic synchronization to the named Claw UI (via platform APIs), but there is no evidence it attempts to modify other skills or global agent settings.
