Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Kirk Content Pipeline
v1.0.0
Create KSVC-validated Twitter content from research PDFs. Content types: long threads, quick takes, breaking news, shitposts, personal commentary, victory la...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (create KSVC-validated Twitter content from research PDFs) aligns with the files and scripts: SKILL.md describes a PDF→extraction→synthesis→draft pipeline and build_extraction_cache.py produces the structured cache the author expects. The files and references to voice/templates are expected for this purpose. However, some required actions (symlinking system-shared PDF directories into the project and auto-discovery of ~/.claude state) are stronger than a typical 'document summarization' skill and suggest deeper filesystem access than a simple writer would need.
Instruction Scope
SKILL.md explicitly instructs creating a symlink from /Users/Shared/ksvc/pdfs into the project to enable subagent reads (an explicit sandbox workaround). It also instructs listing and reading /Users/Shared/ksvc/threads/ and reading local RLM state (~/.../.claude/rlm_state), building caches with absolute pdf_path entries, and performing web cross-validation. These steps require broad access to local filesystem state and potentially to web services; they go beyond narrow content-generation guidance and include explicit steps to bypass platform permission controls.
Install Mechanism
No install spec is provided (instruction-only skill plus one script). Nothing is pulled from external URLs and no package install is required, which minimizes supply-chain risk. The included Python script is executed locally, so risk stems from what it does rather than any installer.
Credentials
The skill declares no environment variables or credentials, which matches the registry metadata. However, the script auto-discovers and reads user agent state and RLM pickles from home directories (~/.claude and related paths) and the SKILL.md directs reading system-shared PDFs and thread directories. Accessing those files is likely necessary for the stated task but is sensitive and not explicitly declared in the metadata.
Persistence & Privilege
The skill is not flagged as always: true and does not declare any behavior that modifies other skills or system-wide agent settings. It does instruct creating a symlink inside the project and writing JSON caches to user-specified output paths, which is scoped to the skill's directory and user workspace rather than system-wide privileges.
What to consider before installing
What to consider before installing/using this skill:
- Sandbox bypass: SKILL.md tells the agent to create a symlink from /Users/Shared/ksvc/pdfs into the project so subagents can read PDFs. This is an explicit workaround of permission controls — avoid blindly creating broad symlinks (they can expose many files). Instead copy only the PDFs you trust into a project-local directory, or run the skill in an isolated environment.
- Untrusted pickle risk: build_extraction_cache.py loads RLM 'state.pkl' files with pickle.load (with fallback code). Unpickling arbitrary files can execute code. Only run this script on RLM state files you created or have verified; do not run it on pickles from untrusted sources. If possible, inspect or sandbox the script before use.
- Data leakage risk: The cache JSON includes absolute pdf_path and extracted content; if you upload or share caches, you may leak filesystem paths and content. Inspect generated caches and scrub/remove sensitive metadata before exporting.
- Network/web verification: The pipeline requires web cross-validation and multiple model checks (Gemini, other models). Confirm what endpoints are used and whether any API keys or credentials will be required or sent. The skill does not declare required credentials, so be cautious of implicit network calls triggered by higher-level subagents.
- Mitigations: run the pipeline in a VM or disposable container, copy only the PDFs you want to process into a dedicated skill directory (avoid symlinking entire shared folders), review/execute the Python script under controlled conditions, and scan the generated JSON for sensitive content before sharing. If you need the capability but want lower risk, request a version of the skill that accepts explicit file paths (no auto-discovery), avoids unpickling or uses a safe deserialization format, and does not recommend symlink sandbox workarounds.
Confidence: medium — the skill's intent and many behaviors are internally coherent for the stated purpose, but several explicit sandbox-workaround instructions and use of pickle/unverified local state are noteworthy security concerns that warrant caution.
