Kirk Content Pipeline
Warn
Audited by ClawScan on May 10, 2026.
Overview
Review recommended: the skill is a coherent content workflow, but it explicitly works around a subagent file-access block by symlinking shared PDFs into the project.
Install only if you are comfortable giving the skill and its subagents access to the relevant KSVC PDFs and holdings data. Avoid the symlink workaround unless you explicitly approve the exact folder being exposed, remove the symlink afterward, run the cache script only on trusted RLM state files, and review every draft before publishing or sharing externally.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Subagents could read shared research PDFs without the normal path-based approval protection, and the link may expose more PDFs than the user intended.
The artifact identifies a file-access restriction and instructs the agent to bypass it by creating a symlink so subagents can read otherwise blocked PDFs.
Subagents CANNOT Read files outside the project directory. PDFs in `/Users/Shared/ksvc/pdfs/` are blocked. The fix: **symlink PDFs into the project directory** before spawning subagents.
Only allow access to specifically approved PDFs, prefer copying selected files into the project instead of linking a shared directory, and remove the symlink after the task.
Running the helper on an untrusted or tampered state.pkl file could execute local code.
The helper script deserializes a local pickle state file. Pickle loading is expected for this RLM-cache workflow, but it can execute code if the state file is malicious or untrusted.
with open(state_path, 'rb') as f:
    return pickle.load(f)
Run the script only on state files produced by trusted RLM tools in a trusted workspace; consider replacing pickle with a safer serialized format for cache exchange.
Drafts may include private holdings, model names, entry prices, or trading positions that could become public if posted.
The workflow intentionally accesses KSVC holdings information and uses it in generated financial content. This is purpose-aligned, but the data can be sensitive.
2. Check KSVC holdings (preliminary - with known tickers) ... 4b. Final Holdings Verification (check ALL 7 models with discovered tickers)
Confirm the agent is allowed to use KSVC holdings data and manually review drafts before publishing or sharing them.
Sensitive source-derived claims or holdings context could be shared with an external provider during validation.
The skill requires an external Gemini/web validation step, but the provided artifact does not define exactly what draft claims, source excerpts, or holdings-derived inferences may be sent.
4a.5. GEMINI CROSS-VALIDATION (web-verify FAIL/UNSOURCED inferences)
Require confirmation before sending proprietary PDF content or holdings-derived information to external web/model services, and redact sensitive details where possible.
Cached PDF snippets, paths, and inferred labels may persist locally and may be over-trusted in later drafts.
The workflow creates and reuses a persistent extraction cache from PDF/RLM state. This is purpose-aligned, but stale or incorrect cache entries can influence later writing.
After: Writer loads structured cache → writes from verified data with labels
Store caches in a scoped project folder, review them before reuse, and delete stale caches that should not influence future content.
