Frankenstein
Pass
Audited by ClawScan on May 1, 2026.
Overview
This instruction-only skill is coherent and purpose-aligned, but it works with third-party skill sources, helper tools, generated skill output, and sub-agents that users should review carefully.
Before installing or using the generated output, review the source skills, scanner results, copied scripts, and final SKILL.md. Treat all downloaded skill files as untrusted input, do not include secrets in the request, and only approve saving the generated skill after checking that it does not inherit unsafe instructions or unwanted behavior.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A generated skill could inherit unsafe, low-quality, or untrusted behavior from external skills if the sources and copied components are not reviewed.
The workflow intentionally gathers skills from broad third-party sources and may reuse their scripts in a newly generated skill. This is central to the purpose, but it makes provenance and source review important.
Search EVERY AI skills repository ... GitHub ... skills.sh ... skillsmp.com ... Other sources to check ... Include scripts from winners
Review the listed source skills, their scripts, licenses, and scanner results before approving or installing the generated Frankenstein skill.
Malicious or manipulative text inside a source skill could influence the generated skill if not filtered during analysis.
The skill asks the agent to read untrusted instruction files and reuse selected approaches in a persistent new skill. Those source files may contain prompt-injection text or instructions that should be treated as data, not obeyed.
Look for: SKILL.md, CLAUDE.md, or similar agent instruction files ... Take the winning approach for each feature
During review, ensure source instructions are quarantined as untrusted content, remove any meta-instructions or hidden behavioral changes, and verify the final SKILL.md independently.
If the helper tools or candidate install steps are misconfigured, the workflow may touch local files or create outputs the user did not expect.
The skill relies on local helper tools to fetch, scan, sandbox, and build skills. This is purpose-aligned and includes safety steps, but the tools are powerful enough that users should confirm what will be run.
Install to temp directory ... Run skill-auditor scan ... Analyze safe skills in sandwrap read-only mode ... Use skill-creator to assemble
Use trusted versions of the helper tools, keep candidate installs in temporary directories, and confirm the final creation step before saving.
Source content, draft skill text, or user requirements may be shared with spawned analysis sessions.
The skill can delegate analysis to sub-agents. This is disclosed and aligned with the analysis-heavy purpose, but the artifact does not define strict boundaries for what context is shared with those sub-agents.
When spawning analysis sub-agents ... sessions_spawn( task: "FRANKENSTEIN ANALYSIS: [topic]...", model: "opus" )
Avoid including secrets or private project data in prompts to this skill, and review what information is sent to any spawned analysis agents.
