Ironprose

Security checks across static analysis, malware telemetry, and agentic risk

Overview

IronProse appears purpose-aligned for fiction-prose analysis, but it relies on an external CLI/API that may process manuscript text and can optionally use an API key.

This skill looks coherent for prose analysis. Before installing, make sure you trust the IronProse CLI package and are comfortable sending manuscript text to its default API service; use a limited API key and avoid submitting confidential writing unless the service’s privacy practices meet your needs.

SkillSpector

By NVIDIA

SkillSpector has not run for this release. Legacy ClawScan findings remain available under Risk analysis.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Installing or invoking the CLI requires trusting the upstream IronProse package.

Why it was flagged

The skill depends on an external CLI package rather than bundled code; using npx or cargo obtains and runs code from package ecosystems.

Skill content

# Install via npm (recommended)
npx ironprose --help

# Or install via cargo
cargo install ironprose-cli

Recommendation

Install only from the expected project/package source, prefer reviewed or pinned versions when available, and avoid running unexpected install commands.

ASI07: Insecure Inter-Agent Communication
Medium
What this means

Unpublished or private writing submitted for analysis may be sent to the external IronProse service.

Why it was flagged

The CLI is configured to use a default external API endpoint, while the documented workflows analyze manuscript text from files, stdin, clipboard, or JSON input.

Skill content

--api-url <API_URL>  IronProse API base URL [env: IRONPROSE_API_URL=] [default: https://prose-mcp.fly.dev]

Recommendation

Review the service’s privacy terms before analyzing sensitive manuscripts, and use a trusted custom API URL or local alternative if confidentiality is important.

ASI03: Identity and Privilege Abuse
Low
What this means

If an API key is configured, the agent or CLI may use that account’s quota or authenticated access when analyzing text.

Why it was flagged

The skill documents an optional API credential for authenticated access; this is expected for an external service but is still a credential boundary users should notice.

Skill content

--api-key <API_KEY>  API key for authenticated access (optional, free tier available) [env: IRONPROSE_API_KEY=]

Recommendation

Use a limited-scope key if available, do not paste keys into prompts, and revoke or rotate the key if it is exposed.