Storybook Generator

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The storybook-generation purpose is coherent, but the skill directs installing an additional unreviewed workflow skill with confirmation suppressed.

Use this skill only if you are comfortable sending story prompts or assets to AnyGen and configuring an AnyGen API key. Before allowing the fallback install command, explicitly verify and review the `anygen-workflow-generate` companion skill and avoid blind `-y` installation.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An additional, unreviewed skill could be added to the user's agent environment and later influence agent behavior.

Why it was flagged

The skill directs installation of an additional skill that is not included in the reviewed manifest, with no pinned source or version, and uses `-y` to suppress confirmation.

Skill content

If the `anygen-workflow-generate` skill is not available, install it first:

```bash
anygen skill install --platform <openclaw|claude-code> -y
```

Recommendation

Install the companion skill only after explicit user approval, verify its source and version, and review that skill separately before use.

What this means

Anyone with the configured key may be able to use the user's AnyGen account or quota.

Why it was flagged

The skill requires an AnyGen API key or login, which grants access to the user's AnyGen account but is expected for this service integration.

Skill content

primaryEnv: ANYGEN_API_KEY ... anygen auth login --api-key sk-xxx

Recommendation

Use a dedicated, revocable API key and avoid pasting real keys into shared logs or transcripts.

What this means

Sensitive story text, brand material, or images provided for generation may be sent to AnyGen for processing.

Why it was flagged

The artifact discloses that story content is processed by an external provider, so user prompts or assets may leave the local environment.

Skill content

This skill uses the AnyGen CLI to generate visual stories and illustrated narratives server-side at `www.anygen.io`.

Recommendation

Do not include sensitive or confidential material unless the user is comfortable with AnyGen processing it and has reviewed the provider's terms.