Multi Agent Pipeline
WarnAudited by ClawScan on May 10, 2026.
Overview
The skill is presented as a generic pipeline, but its included code is a story/voice API that uses undeclared provider keys, sends audio/text to external services, and stores user story data.
Review this as a story/voice web API, not as a generic pipeline helper. Only use it if you intend to provide ElevenLabs/Mistral credentials, send audio/text to those providers, and store story data; otherwise ask the publisher to correct the metadata, remove unrelated code, document dependencies, and add clear consent, retention, and access controls.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may install or use the skill believing it is only a generic local pipeline, while it actually contains code that can contact third-party AI/voice services.
This tells users the skill itself does not perform outbound network activity, but the included script directly calls external provider APIs, making the declared trust posture materially misleading.
"network": { "outbound": false, "reason": "Pipeline framework only — actual API calls depend on the stage functions you provide." }Update the description and metadata to accurately disclose the story/voice workflow, outbound providers, data sent, credentials required, and when calls occur.
If run in an environment containing these keys, the skill can use the user's ElevenLabs and Mistral accounts, potentially sending data and incurring provider usage.
The code uses provider credentials even though the registry requirements declare no required environment variables and no primary credential.
ELEVENLABS_API_KEY = os.environ.get("ELEVENLABS_API_KEY", "")
MISTRAL_API_KEY = os.environ.get("MISTRAL_API_KEY", "")Declare these credentials explicitly, document minimum required scopes, and require clear user approval before using account-backed provider APIs.
Voice recordings or other uploaded audio may leave the user's environment and be processed by a third-party service without the user expecting it from the skill description.
Uploaded audio is forwarded to an external speech-to-text provider, but the skill metadata says outbound networking is false and does not disclose this data boundary.
audio_data = await audio.read() ... client.post("https://api.elevenlabs.io/v1/speech-to-text", headers={"xi-api-key": ELEVENLABS_API_KEY}, files={"file": (audio.filename or "audio.wav", audio_data, audio.content_type or "audio/wav")})Clearly disclose all external providers, the types of data sent, retention/privacy expectations, and require user-directed consent for uploads.
Personal story inputs and child-related data could be stored and reused later without clear visibility, deletion controls, or access limits.
The script persists story content, child name, voice ID, and language to a database; related code also uses prompt_cache, but retention and reuse boundaries are not described.
await db.execute(
"INSERT INTO stories (title, content, voice_id, child_name, language) VALUES (?, ?, ?, ?, ?)",
[story.get("title", "Untitled"), content_json, voice_id, req.child_name, req.language]
)Document what is stored, where it is stored, how long it is retained, who can access it, and how users can delete cached or database records.
If integrated into an app, these routes could mutate stored story data or trigger paid provider calls in ways not apparent from the skill's stated purpose.
The code defines operational API routes that create records and invoke external AI/voice services, but the skill is described as a generic pipeline framework and does not specify approval, authentication, or scope controls for these actions.
@router.post("/api/story")
async def create_story(req: StoryRequest): ...
@router.post("/api/narrate")
async def narrate_scene(req: NarrateRequest):Limit routes to the documented purpose, add explicit auth/approval boundaries, and document which endpoints perform external calls or database mutations.
The runnable dependency chain and local helper behavior are unclear, which makes it harder to review or reproduce safely.
The script depends on external packages and local modules that are not declared in an install spec or included in the manifest.
import httpx from fastapi import APIRouter, HTTPException, UploadFile, File import database as db import prompt_cache ... from mistralai import Mistral
Provide a complete manifest or requirements file, include referenced local modules, and pin/justify external dependencies.