ClawHub
Back to skill
v0.1.5

Ai Podcast Pipeline

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:33 AM.

Analysis

The podcast workflow is mostly purpose-aligned, but it should be reviewed because it can process loosely bounded local sources and its thumbnail step runs another local skill while handing it the Gemini API environment.

GuidanceReview the source-handling and thumbnail-generation steps before installing. Use only trusted QuickView paths, consider running with --no-image until the nano-banana-pro helper is reviewed, keep Gemini keys scoped, and avoid feeding private notes into the Gemini TTS workflow unless that is acceptable for your use case.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityMediumConfidenceHighStatusConcern
scripts/build_podcast_assets.py
if src.startswith('https://'):
    u = urlparse(src)
    slug = unquote(u.path).strip('/')
    p = QUARTZ_ROOT / f"{slug}.md"
...
p = Path(src)
if p.exists():
    return p

The source resolver accepts any HTTPS URL path and any existing local path without normalizing or verifying that it stays under the intended QuickView/Quartz directory.

User impactA crafted or mistaken source value could make the package use the wrong local file, potentially exposing headings or topics from private notes in generated metadata or images.
RecommendationRestrict URL handling to the expected host, reject path traversal such as '..', resolve paths before use, and require explicit approval for sources outside the configured Trend/QuickView directory.
Agentic Supply Chain Vulnerabilities
SeverityMediumConfidenceHighStatusConcern
scripts/build_podcast_assets.py
NANO_SCRIPT = WORKSPACE_DIR / 'skills/nano-banana-pro/scripts/generate_image.py'
...
cmd = ['uv', 'run', str(NANO_SCRIPT), '--prompt', prompt, '--filename', str(out_path), '--resolution', resolution]
subprocess.run(cmd, check=True, env=env, timeout=600)

Default thumbnail generation executes a sibling skill script through uv; that helper is not part of this package's manifest and is not declared in the install metadata.

User impactUsing the thumbnail workflow requires trusting another local skill and its dependencies, not just the files shown for this skill.
RecommendationDeclare the dependency explicitly, include or pin the helper implementation, and make the external image-generation step opt-in or clearly documented.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityMediumConfidenceHighStatusConcern
scripts/build_podcast_assets.py
api_key = os.environ.get('GEMINI_API_KEY') or os.environ.get('NANO_BANANA_KEY')
...
env = os.environ.copy()
env['GEMINI_API_KEY'] = api_key
...
subprocess.run(cmd, check=True, env=env, timeout=600)

The asset builder forwards the Gemini API key, along with the rest of the inherited environment, to the external nano-banana-pro helper.

User impactThe sibling helper can access the Gemini key and any other environment secrets present during thumbnail generation.
RecommendationPass a minimal environment to subprocesses, declare the required credential in metadata, use a narrowly scoped key, and run this step only after reviewing the helper skill.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityLowConfidenceHighStatusNote
scripts/gemini_multispeaker_tts.py
url = f"https://generativelanguage.googleapis.com/v1beta/models/{model}:generateContent"
...
"contents": [{"parts": [{"text": prompt}]}]
...
"x-goog-api-key": key

Dialogue text is sent to Google Gemini to generate audio, which is expected for the advertised TTS workflow but means source-derived content leaves the local machine.

User impactPodcast scripts or trend-note content included in the dialogue may be processed by the external Gemini provider.
RecommendationDo not use confidential source material unless your data policy allows it, and continue keeping API keys in environment variables rather than prompts or logs.