draw-animal
Pass
Audited by ClawScan on May 1, 2026.
Overview
This skill is a simple local Python-based animal description generator with no evidence of credential access, networking, persistence, or data exfiltration.
This appears safe for normal use. Before installing, confirm you are comfortable with the agent running the included local Python script, and prefer implementations that pass user input as safe command arguments.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may run a local Python script using the animal name you provide.
The skill runs a local command using user-derived parameters. This is expected for the skill's purpose, but safe argument passing or quoting is important to avoid unintended command behavior.
Extract the "animal" parameter from the user's input, then run the Python script with this parameter ... python3 {baseDir}/scripts/draw_animal.py --animal {animal:-pig} --lang {lang:-en}
Installers or maintainers should ensure the animal and lang values are passed as separate command arguments or safely quoted, rather than interpolated into a shell string.
