Skill v1.0.0

ClawScan security

Story English · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 28, 2026, 10:01 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's files and runtime instructions match its stated purpose (serialized English-learning fiction); it requests no credentials, makes no network calls, and only prints generation prompts and outputs, with a minor note about echoing any user-supplied state.
Guidance
This skill appears coherent and implements what it promises: generating short fictional episodes with vocabulary and quizzes. It's safe to install from a coherence point of view, but be careful when using the CLI --state option: any JSON or text you paste will be included verbatim in the printed prompt and the generated 'state' JSON and could appear in logs or be transmitted if you copy/share outputs. Do not paste passwords, API keys, or other secrets into --state. If you run the scripts in a multi-user or CI environment, treat the generated outputs as potentially viewable by others. Otherwise, no credentials or network access are required and the code is straightforward to review.

Review Dimensions

Purpose & Capability
ok
Name/description (story-based English learning) align with the included files and behavior. The code files are CLI wrappers that format a prompt and print it; they implement story/series/vocab CLI behavior described in SKILL.md/README. No unrelated binaries, credentials, or platform access are requested.
Instruction Scope
note
The SKILL.md and scripts explicitly instruct generation of story text, vocabulary lists, grammar spotlights, quiz questions, and a JSON 'state' object. They do not instruct reading arbitrary system files, accessing environment variables, or sending data to external endpoints. One note: the CLI accepts a --state string which is embedded verbatim into the printed prompt and into the generated JSON state; do not paste sensitive secrets into --state because they will be echoed in outputs and could be recorded in logs or agent transcripts.
Install Mechanism
ok
No install spec is provided (instruction-only behavior). There is no download or archive extraction. This is low-risk from an install perspective.
Credentials
ok
The skill requires no environment variables, credentials, or config paths. The contents and behavior of the scripts are consistent with this: they only read CLI args and print text. No disproportionate credential or access requests noted.
Persistence & Privilege
ok
always is false and the skill does not request persistent system modifications or auto-enable itself. It does not modify other skills or system-wide configuration. Autonomous invocation is allowed by default (platform normal) but not elevated here.