ClawHub

kdp-generator

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill appears to be a local Amazon KDP book-file generator; the main things to notice are that it runs bundled Python scripts and writes generated book files locally.

Before installing or using this skill, expect it to run local Python code and create book-output files. Use a dedicated folder, verify any needed Python libraries, and manually review generated interiors, covers, prompts, and metadata before publishing to Amazon KDP.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

#ASI02: Tool Misuse and Exploitation
Low
What this means

Running the skill can create or replace generated book-related files in local folders.

Why it was flagged

The script creates directories and writes generated PDFs, prompts, metadata, and README files to a user-selected or default output path. This is purpose-aligned for a book generator, but users should be aware it mutates the local filesystem.

Skill content
output_dir = Path(args.output)
output_dir.mkdir(parents=True, exist_ok=True)
...
final_interior = book_dir / "interior.pdf"
...
with open(prompt_path, 'w') as f:
Recommendation

Run it from a dedicated project directory, choose explicit output paths, and review generated files before uploading anything to KDP.

#ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

The skill may require manual Python dependency installation and users must rely on the bundled scripts rather than a clearly declared install process.

Why it was flagged

The registry metadata says there is no install spec while the package includes multiple executable Python files. This is not suspicious by itself, but it means dependency setup and provenance are less explicitly documented.

Skill content
No install spec — this is an instruction-only skill.

Code file presence
18 code file(s):
Recommendation

Inspect the bundled scripts, install dependencies from trusted package sources, and verify command paths before running the examples.