Skillv1.0.1

ClawScan security

Atelier Litteraire : Agents rédacteurs de roman court, de nouvelles avec idéation · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 29, 2026, 8:01 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is internally coherent for producing multi-step literary drafts: its instructions, files, and optional integrations match the claimed purpose and there are no unexplained credential requests or install steps.
Guidance: This skill appears to do what it says: run a two-agent literary pipeline, iterate with juries, and produce DOCX/PDF deliverables. Before installing or enabling external integrations, consider the following: - If you enable SharePoint / Gmail / Amazon KDP features, you will need to provide tokens/credentials; provide only the credentials you intend for this skill and verify where uploads will go. The skill does not request credentials by default. - The agents are designed to read and write project and memory files (projects/, memory/YYYY-MM-DD.md, bibles, seeds, produce .xlsx). Review which directories the agent will have access to and avoid placing unrelated secrets in those locations. - Hermine explicitly aims to work from real facts and anonymizes real people at a certain pipeline stage, but you should avoid feeding legally sensitive or identifiable data (active judicial cases, private personal data) unless you are comfortable with how you'll manage publication and confidentiality. - There is no install-time code download or hidden endpoints in the bundle; still confirm the platform's `clawhub install atelier` behavior on your instance (it may register the skill but not fetch external code). - If you plan to publish commercially (KDP), double-check the publication workflow and credentials required; that step may require manual review and additional platform permissions. Overall: coherent and expected for a writing/production skill; review optional upload/publish settings and local project file scope before enabling those features.

Review Dimensions

Purpose & Capability: okName/description (literary ideation + writing pipeline) align with the contents: two agents (Hermine/Herbert), jury/scoring, DOCX/PDF export and optional uploads. The skill declares required Anthropic models in openclaw-skill.json which matches SKILL.md references to Sonnet/Opus.
Instruction Scope: noteSKILL.md and agent docs instruct the agent to read and write local project files (memory/YYYY-MM-DD.md, projects/*, bibles, seeds, produce an .xlsx, assemble DOCX/PDF) and, optionally, upload to SharePoint / send via Gmail / publish to Amazon KDP if configured. These actions are consistent with the stated purpose but will access user project files and require deliberate configuration to enable external uploads.
Install Mechanism: okInstruction-only skill with no install spec and no code files to fetch or execute. This is low risk and consistent with a workflow/template skill. The provided `clawhub install atelier` is a user-facing convenience but the skill bundle contains no remote download instructions.
Credentials: noteThe skill requests no environment variables or credentials by default. It references optional integrations (Anthropic models are declared; SharePoint via Microsoft Graph token, Gmail API token, and Amazon KDP publication are described as optional). Because those integrations are optional and not required by the skill, the requested access is proportionate — but enabling publication/upload features will require you to supply credentials explicitly.
Persistence & Privilege: okalways is false; the skill does not request permanent platform presence or attempt to modify other skills. It follows normal agent memory/read patterns (reading its own project/memory files), which is expected for this class of skill.