ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

kdp-generator

v1.0.0

Generate Amazon KDP compatible books - both e-books from Markdown and low-content books (journals, planners, log books). Use when the user needs to publish b...

0· 70·0 current·0 all-time
by@timyljob2011-sudo
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (KDP book generator) matches the code: many scripts generate PDFs, covers, metadata, and batch workflows. Requiring no credentials and no external binaries is reasonable for offline PDF/image generation. However, the SKILL.md example commands reference a scripts/ subdirectory (e.g., scripts/md2epub.py), while the repository manifest lists those Python files at the top level (md2epub.py, generate_cover.py, etc.). That path mismatch is an inconsistency that may break runtime usage or indicate sloppy packaging.
Instruction Scope
SKILL.md's runtime instructions stay within KDP publishing tasks (convert Markdown to EPUB, generate interiors and covers, produce metadata, batch generation). It does instruct the agent to 'use this skill whenever the user mentions KDP...' which is a broad trigger but not in itself malicious. I found no instructions that ask the agent to read unrelated system files or to exfiltrate environment variables. Still, SKILL.md references commands under scripts/ while the supplied files live at project root — the mismatch could cause the agent to attempt to run non-existent paths or to run files in unexpected locations.
Install Mechanism
Registry metadata says 'No install spec — instruction-only skill', but the bundle contains many executable Python files (18 code files + others). Having code included is normal for a generator skill, but calling this 'instruction-only' is inconsistent. There is no download-from-URL or package installer present (lower install risk), but verify how the platform will surface/execute these files because the packaging mismatch could lead to broken runs or unexpected behavior.
Credentials
The skill declares no required environment variables or credentials, which is consistent with offline generation of PDFs and images. SKILL.md suggests using Midjourney/Stable Diffusion prompts for AI cover generation and tells the user to upload to KDP but does not request API keys or credentials. That is proportionate — if you expect the skill to upload to Amazon or call image APIs, it currently has no declared mechanism or env vars to do so (which is safer).
Persistence & Privilege
Flags show always:false and model invocation allowed (normal). The skill does not request persistent privileges or to modify other skills or system-wide configs. Nothing indicates it will force-enable itself or require continuous background presence.
What to consider before installing
This skill appears to do what it says — create KDP-ready interiors, covers, and metadata — and it includes the necessary Python scripts. However: - Packaging mismatch: SKILL.md examples use scripts/ paths but the files in the bundle are at the repository root. Confirm how the platform will run these scripts (will it place them in a 'scripts/' folder or run top-level files?). This mismatch may break the skill or cause the agent to attempt to run unexpected paths. - Review the omitted files: 16 files were truncated in the manifest. Before installing, scan those files for any networking (HTTP requests, sockets), subprocess.invocations, or code that reads environment variables or arbitrary files. None were visible in the excerpts, but the omitted files could contain such behavior. - No credentials requested: The skill does not ask for Amazon or image-service API keys. That is safer, but if you expect the skill to upload to KDP or call Midjourney/Stable Diffusion APIs, you'll need to handle credentials yourself — do not paste secrets into prompts or allow the agent to store them. - Run in a sandbox first: If you install and run this skill, test it in an isolated environment (no sensitive files, no credentials) to validate outputs and to confirm there are no unexpected network calls or side effects. If you want, I can: (1) scan the omitted files for network or credential usage, (2) search the full code for subprocess/network calls, or (3) produce a short checklist of exact lines/patterns to look for before trusting the skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e6x0g3jgadmxfq4vdsjcb5s83g21p

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments