Back to skill
Skillv1.0.0
ClawScan security
Novel Character Profile Builder · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousMar 2, 2026, 9:33 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's files and runtime instructions largely match a character-profile / LoreBible manager, but it instructs the agent to traverse and modify the user's workspace, supports a non-interactive --no-confirm mode, and includes rule/condition strings that might be executed — these behaviours deserve user attention before installing.
- Guidance
- This skill appears to implement the stated character-profile and LoreBible management features, but it operates on the user's filesystem and can create/move files. Before installing or allowing autonomous invocation: 1) Inspect scripts locally (especially lore_bible_manager.py, profile_session.py, conflict_detector.py) for any eval/exec of config strings or unexpected network calls; 2) Run the code in a sandbox or test workspace (not your home directory) to confirm behavior; 3) Avoid using or exposing --no-confirm until you trust the code — prefer interactive confirmation; 4) If you plan to point --workspace at an existing directory, make a backup first; 5) If you need higher assurance, ask the author for a package with explicit dependency and import paths and/or a minimal reproducible example demonstrating safe rule evaluation. If you want, I can scan the remaining truncated script sections for eval/exec or network usage and highlight exact lines of concern.
Review Dimensions
- Purpose & Capability
- okThe code files (profile generator, conflict detector, lore-bible manager, session manager, analyze/validate scripts) match the declared purpose of creating, validating, scanning, and managing character profiles. Templates, example assets, and workflow configs are coherent with a fiction-authoring tool.
- Instruction Scope
- concernSKILL.md explicitly tells the agent to 'access user work directory and switch to that directory' and the enhanced features scan existing profiles, create directories, save temp files, and can move files into a final Characters directory. These behaviors are plausible for a workspace manager, but they require filesystem read/write access to user paths. The documented --no-confirm / non-interactive options allow writing/moving files without user confirmation, increasing risk if invoked incorrectly.
- Install Mechanism
- noteNo install spec is declared (instruction-only at registry level), so risk from downloads is low. However the package contains many Python scripts (no packaging/install specification), so running the skill will depend on executing local Python code. There is no declared dependency management or sandboxing — users should expect to run Python scripts from the repo.
- Credentials
- noteThe skill requests no environment variables or external credentials, which is proportionate. A possible concern: validation rules/config include condition strings (e.g., 'age.isdigit() and not (0 <= int(age) <= 150)') that the code may evaluate at runtime — if the code evaluates condition text from config, a modified rules file could cause execution of arbitrary expressions. Review how rules/conditions are evaluated before trusting unvetted rule files.
- Persistence & Privilege
- notealways:false and no claimed modification to other skills. The skill legitimately writes files within a user-specified workspace and persists session state; this is expected. Still, the ability to run non-interactively (--no-confirm) and to create/modify directories in arbitrary paths increases the blast radius if the agent is invoked without careful workspace restrictions.