Book Writer
PassAudited by ClawScan on May 1, 2026.
Overview
The skill appears aligned with its stated purpose of generating book content, but users should review its external API use, API key handling, and Python dependency installation.
This skill looks suitable for its stated writing purpose. Before installing, use a virtual environment, review the Python dependencies, configure only the API keys you intend to use, and avoid submitting confidential manuscript content unless external OpenAI/Google processing is acceptable.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill can modify Python packages on the machine, which may affect other Python projects if not isolated.
The setup script installs or upgrades third-party Python packages from the package ecosystem. This is expected for the skill, but it changes the user's Python environment and depends on current package versions.
cmd = f"{sys.executable} -m pip install --upgrade {package}"Run the installer in a virtual environment and review requirements.txt before installing.
The skill may use the user's API accounts and incur API usage or billing under those accounts.
The skill expects user-provided OpenAI and Google credentials for generation and material search. This is purpose-aligned and disclosed, but the registry metadata lists no required environment variables or primary credential.
export OPENAI_API_KEY="your_openai_api_key" ... export GOOGLE_CSE_ID="your_google_cse_id" ... export GOOGLE_API_KEY="your_google_api_key"
Use limited-purpose API keys where possible, monitor usage, and avoid sharing keys in generated files or prompts.
Private book ideas, research topics, or draft instructions may be transmitted to external AI/search providers.
The user's book prompt and generated outline instructions are sent to an external OpenAI chat completion API. This matches the skill's AI-writing purpose, but users should understand that manuscript topics or sensitive prompts leave the local environment.
messages=[{"role": "user", "content": outline_prompt}]Do not include confidential material unless you are comfortable sending it to the configured providers and their API policies.