Skillv0.1.0

ClawScan security

Web Novel Master · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 19, 2026, 1:57 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's files, instructions, and requirements are coherent with a web‑novel writing assistant — no disproportionate credentials, installs, or surprising external endpoints are requested.
Guidance: This skill appears coherent for its stated purpose (chapter templates, styling guides, flows, and a small utility script). Before installing, consider these practical checks: 1) Open and read scripts/check_chapter_wordcount.py to verify it only inspects local draft files and does not make network requests, spawn shells with unsafe arguments, or write outside the skill folder. 2) Confirm the README/GitHub link is from a source you trust (registry metadata had no homepage while README points at a repo). 3) Be aware the references include analyses of named authors' styles — avoid copying distinctive copyrighted text or producing near‑verbatim passages that could raise IP issues. 4) When installing, do the git clone/cp steps in a sandbox or with limited permissions if you want to limit exposure; the skill will need access to files in the skill directory to resume projects. If you want extra assurance, run the single Python script through a quick static review and search the repo for outbound network calls (http, https, socket, requests, urllib) before enabling the skill.

Review Dimensions

Purpose & Capability: okName/description (web novel creation) match the actual contents: extensive writing guides, templates, flows, and a small helper script. No unrelated environment variables, binaries, or cloud credentials are requested. One minor inconsistency: registry metadata lists no homepage, but README references a GitHub repo (possible omission in registry metadata rather than malicious behavior).
Instruction Scope: noteSKILL.md instructs the agent to read user preferences and detect unfinished projects (to support resumed/serialized writing). That implies the skill may read writing-project files in the agent/skill workspace, which is proportionate to its purpose but does mean it will access user project data. The instructions do not direct the agent to read unrelated system config, secrets, or to transmit data to non‑authorised external endpoints.
Install Mechanism: okThere is no install spec (instruction-only), which is lowest risk. The README suggests cloning into a local Claude Code skills directory — a local file‑copy, not a remote executable download. No suspicious download or extract URLs are present in the provided manifest.
Credentials: okThe skill declares no required environment variables, no primary credential, and no config paths. The files are content and templates; requested access (reading project/writing files under the skill directory) is consistent with a writing assistant.
Persistence & Privilege: okFlags show always:false and normal model invocation behavior. The skill does not request forced always-on presence or system-wide configuration changes. Typical user action is required to invoke it.