Cinematic Script Writer
PassAudited by ClawScan on May 10, 2026.
Overview
The provided artifacts describe a coherent script-writing tool with disclosed CLI, storage, memory, and Google Drive features, with no evidence of malicious behavior.
This skill appears safe for its stated purpose. Before installing, verify the npm package source, connect Google Drive only if you want cloud saving, and avoid placing sensitive material in saved contexts or scripts unless you are comfortable with the configured storage.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the CLI gives the package code local execution capability under the user's account.
The skill is intended to be installed and run as a global npm CLI package. That is expected for this tool, but it means users are trusting the npm package they install.
npm install -g openclaw-skills
Install only from a trusted package source and verify that the package name, version, and publisher match what you expect.
If connected, the skill may be able to create or save files in the user's Google Drive depending on the OAuth scope.
The skill can connect to a user's Google Drive account for saving projects. This is purpose-aligned, but it involves delegated account access.
Google Drive: Uses Google OAuth2 for authentication. Credentials are stored securely in memory.
Review the OAuth permission prompt carefully and connect Google Drive only if you want the skill to save projects there.
Story details, character profiles, scripts, and prompts may be retained for later reuse or saving.
The skill is designed to store and retrieve contexts, scripts, and related project data. This persistence supports the stated workflow but can retain user-created content.
OpenClaw Agent with memory permissions
Avoid storing highly sensitive personal or proprietary material unless you understand where the agent memory or storage backend keeps it.