Founder Article

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill mostly matches its article-generation purpose, but its GitHub Pages publishing path can create and publicly host content through a GitHub account without clear permission scope or confirmation rules.

This appears suitable for drafting local business articles, but treat GitHub Pages publishing as a separate high-impact action: review the final article, confirm the exact repository and visibility, and approve any GitHub account changes before letting the agent publish.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent follows this workflow, it could create or modify GitHub resources and publish unfinished or sensitive article content under the user's account.

Why it was flagged

Creating repositories and enabling GitHub Pages requires GitHub account authority and can publish durable public content; the skill text does not define credential scope, approval requirements, repository/privacy choices, or cleanup.

Skill content

Step 4: Publishing (Optional)
- Creates GitHub repository
- Enables GitHub Pages
- Provides shareable links

Recommendation

Make publishing explicitly opt-in, require a final content preview and user confirmation, declare required GitHub authentication/scopes, let the user choose repository and visibility, and provide cleanup instructions.

What this means

Converting untrusted HTML could expose the user to browser-side risks or unwanted network/resource loading during rendering.

Why it was flagged

The helper launches a local browser to render an HTML file into PDF. This is expected for PDF generation, but it can run active page content and disables Chrome's sandbox.

Skill content

"$CHROME" \
  --headless \
  --disable-gpu \
  --no-sandbox \
  --print-to-pdf="$OUTPUT" \
  ... \
  "file://$INPUT_ABS"

Recommendation

Use the PDF helper only with HTML you generated or trust, document the Chrome requirement, and avoid --no-sandbox where the platform supports normal sandboxing.

What this means

A user who installs by direct clone depends on the current state and provenance of that repository.

Why it was flagged

The README documents direct installation from a GitHub repository into the skills directory. This is a normal install pattern, but it installs whatever is at the repository's current branch unless the user pins or verifies a commit.

Skill content

git clone https://github.com/jeff0052/founder-article.git ~/.openclaw/skills/

Recommendation

Prefer trusted registry installation or pin and verify a specific commit before installing from GitHub.