KDP Publisher DE

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its PDF-building purpose, but one compiler path automatically reads local files referenced by Typst #include directives and uploads them to an external service without restricting where those paths may point.

Review this skill before installing if you handle private manuscripts. It appears to be a legitimate PDF builder, but avoid compiling untrusted Typst files, check which files are included before remote compilation, and consider using a local Typst compiler or a locked-down project directory for sensitive work.

VirusTotal

All 67 vendors reported this skill as clean (0/67 detections). Note that an antivirus result covers malware signatures only; it says nothing about the data-handling issues listed under Risk analysis below.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Medium
What this means

If the agent compiles a crafted or untrusted Typst file, additional readable local text files could be uploaded to the external compiler without the user explicitly selecting each file.

Why it was flagged

The #include path is taken from the Typst document and joined to the manuscript directory with os.path.join, which neither rejects ../ segments nor contains absolute paths (os.path.join discards main_dir entirely when the include is absolute). Any existing file the path resolves to is read and sent to the remote compile API as part of auxiliary_files.

Skill content
for inc in re.findall(r'#include\s+"([^"]+)"', main_content):
    inc_path = os.path.join(main_dir, inc)
    if os.path.exists(inc_path):
        aux[inc] = open(inc_path, encoding="utf-8").read()
...
r = requests.post(f"{API_URL}/public/compile/typst", json=payload, timeout=120)
Recommendation

Restrict includes to a user-approved project directory, reject absolute and parent-directory paths, display the include list before upload, or compile locally for untrusted documents.
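As an added illustration (not the skill's own code), the following Python reproduces the original os.path.join resolution for comparison and places beside it a containment check that resolves each include under a project root and rejects absolute paths, ../ traversal, and symlinks that resolve outside the root. The demo function builds a constructed temporary project; the function names are hypothetical.

```python
import os
import re
import tempfile
from pathlib import Path

# Same pattern the skill uses: double-quoted #include arguments only.
INCLUDE_RE = re.compile(r'#include\s+"([^"]+)"')


def original_join(main_dir: str, inc: str) -> str:
    """The skill's original resolution, reproduced for comparison.
    os.path.join returns inc unchanged when it is absolute, and keeps ../
    segments, so the manuscript directory imposes no limit at all."""
    return os.path.join(main_dir, inc)


def collect_includes(main_content: str, project_root) -> dict:
    """Return {include: text} for #include targets that resolve inside project_root.

    Absolute paths and paths that escape the root (via ../ or a symlink) raise
    ValueError instead of being read and queued for upload. Missing files are
    skipped, matching the original os.path.exists check.
    """
    root = Path(project_root).resolve()
    aux = {}
    for inc in INCLUDE_RE.findall(main_content):
        if Path(inc).is_absolute():
            raise ValueError(f"absolute include rejected: {inc}")
        target = (root / inc).resolve()          # follows symlinks before checking
        try:
            target.relative_to(root)
        except ValueError:
            raise ValueError(f"include escapes project directory: {inc}") from None
        if not target.is_file():
            continue
        aux[inc] = target.read_text(encoding="utf-8")
    return aux


def demo() -> dict:
    """Constructed temporary project (not the skill's real files) exercising each case."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "book"
        root.mkdir()
        (root / "chapter1.typ").write_text("= Chapter 1\n", encoding="utf-8")
        secret = Path(tmp) / "secret.txt"        # sits outside the project root
        secret.write_text("private notes\n", encoding="utf-8")

        safe_doc = '#include "chapter1.typ"\n#include "missing.typ"\n'
        results["safe"] = sorted(collect_includes(safe_doc, root))

        for label, doc in (("traversal", '#include "../secret.txt"'),
                           ("absolute", f'#include "{secret}"')):
            try:
                collect_includes(doc, root)
                results[label] = "uploaded"
            except ValueError:
                results[label] = "rejected"
    return results


if __name__ == "__main__":
    # In a real build, print sorted(aux) and ask for confirmation before requests.post(...).
    print(demo())
```

The resolve() call before relative_to() is what catches a symlink inside the project that points outside it; a plain string prefix check on the unresolved path would miss that case.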

ASI07: Insecure Inter-Agent Communication
Medium
What this means

Unpublished book content and QR/link data may leave the local machine during PDF generation.

Why it was flagged

The full Typst manuscript content and the auxiliary files are sent to the remote TypeTex API. SKILL.md discloses that compile.py sends to TypeTex, so the transfer is purpose-aligned, but the content is unpublished and therefore sensitive. Note also that the destination is read from the TYPETEX_API_URL environment variable, so anything that can alter the agent's environment can redirect the manuscript to a different host.

Skill content
API_URL = os.environ.get("TYPETEX_API_URL", "https://studio-intrinsic--typetex-compile-app.modal.run")
...
payload = {"content": main_content, "main_filename": "main.typ", "auxiliary_files": auxiliary_files or {}}
...
requests.post(f"{API_URL}/public/compile/typst", json=payload, timeout=120)
Recommendation

Only use the remote compiler for manuscripts you are comfortable sending to that service, or configure/use a local Typst compiler for sensitive drafts.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Unpinned installs resolve to whatever version the package index serves at install time, so the skill's dependencies can change over time and depend on the package index and the local Python environment.

Why it was flagged

The setup step asks users to install unpinned Python packages manually. This is common and purpose-aligned, but users should notice the dependency source.

Skill content
pip install requests qrcode
Recommendation

Install in a virtual environment and consider pinning reviewed versions of requests and qrcode.

ASI09: Human-Agent Trust Exploitation
Low
What this means

QR codes may be generated from an unexpected local links file or fall back to default URLs.

Why it was flagged

The code uses a hard-coded Desktop path for the QR link configuration, while SKILL.md documents the path as $OPENCLAW_WORKSPACE/links.json. The code and the documentation therefore disagree about where QR data comes from, so the links encoded into the PDF may not be the ones the user expects.

Skill content
LINKS_JSON = os.path.expanduser(
    "~/Desktop/openclaw-projekt/agentic-authorship-dashboard/shared/links.json"
)
Recommendation

Verify the QR configuration path before building and update the script or documentation so it uses the intended workspace file.
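As an added illustration (not the skill's own code), the following Python resolves links.json only from the documented OPENCLAW_WORKSPACE variable, with no hard-coded Desktop fallback, and validates every QR target before any code is generated. The layout of links.json (a JSON object mapping a label to a URL) is an assumption, since the page does not document it; the function names are hypothetical and the sample content is constructed.

```python
import json
import os
import tempfile
from pathlib import Path
from urllib.parse import urlparse


def links_path() -> Path:
    """Resolve links.json only from the documented OPENCLAW_WORKSPACE variable.
    There is deliberately no hard-coded Desktop fallback: if the variable is
    unset, fail loudly rather than read QR targets from a location the user
    did not choose."""
    workspace = os.environ.get("OPENCLAW_WORKSPACE")
    if not workspace:
        raise RuntimeError("OPENCLAW_WORKSPACE is not set; refusing to guess where links.json lives")
    return Path(workspace) / "links.json"


def load_links(path: Path) -> dict:
    """Load QR targets and validate every entry before any code is generated.

    Assumed file layout (not documented on the page): a JSON object mapping a
    label to the URL that should be encoded. Each value must be an absolute
    https URL; anything else is rejected instead of being swapped for a default.
    """
    data = json.loads(path.read_text(encoding="utf-8"))
    if not isinstance(data, dict):
        raise ValueError(f"{path}: expected a JSON object of label -> URL")
    bad = []
    for label, url in data.items():
        parts = urlparse(url) if isinstance(url, str) else None
        if parts is None or parts.scheme != "https" or not parts.netloc:
            bad.append(label)
    if bad:
        raise ValueError(f"{path}: rejected non-https targets: {sorted(bad)}")
    return data


def demo() -> dict:
    """Constructed workspace in a temp dir; the sample links.json content is made up."""
    out = {}
    saved = os.environ.get("OPENCLAW_WORKSPACE")
    try:
        os.environ.pop("OPENCLAW_WORKSPACE", None)
        try:
            links_path()
            out["unset"] = "guessed"
        except RuntimeError:
            out["unset"] = "refused"

        with tempfile.TemporaryDirectory() as tmp:
            os.environ["OPENCLAW_WORKSPACE"] = tmp
            path = links_path()
            out["source"] = path == Path(tmp) / "links.json"

            # One https target and one plain http target: the file is rejected as a whole.
            path.write_text(json.dumps({"shop": "https://example.com/buch",
                                        "blog": "http://example.com/blog"}), encoding="utf-8")
            try:
                load_links(path)
                out["http"] = "accepted"
            except ValueError:
                out["http"] = "rejected"

            path.write_text(json.dumps({"shop": "https://example.com/buch"}), encoding="utf-8")
            out["good"] = load_links(path)
    finally:
        if saved is None:
            os.environ.pop("OPENCLAW_WORKSPACE", None)
        else:
            os.environ["OPENCLAW_WORKSPACE"] = saved
    return out


if __name__ == "__main__":
    # Print the resolved path and the validated targets before generating any QR code.
    print(demo())
```

Printing the resolved path together with the validated targets before generation gives the user the check the recommendation asks for: the QR data source is visible, and a missing or malformed file stops the build instead of silently falling back to defaults.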