Skillv0.1.0

ClawScan security

Dreamlover Character Skill Generator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 21, 2026, 4:57 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is internally consistent with its stated purpose (a generator for character skills); it contains local Python tooling and conditional local-memory scripts but does not request unrelated credentials or perform remote data exfiltration.
Guidance: This skill appears to do what it claims, but before installing or running it: 1) Review and choose a unique slug to avoid overwriting an existing ./ .agents/skills/{slug}/ package. 2) Inspect tools/skill_writer.py and the runtime scripts if you plan to execute them locally (they will write files and create a local sqlite DB). 3) Be aware local memory (.dreamlover-data/memory.sqlite3) can contain user-provided text (possibly sensitive); run in an isolated workspace if you want to limit exposure. 4) Confirm Python 3.9+ is present before running any scripts. 5) If you expect the skill to be run autonomously by an agent, note it can create/modify files—only enable it if you trust the source or have reviewed the code.
Findings: [pre_scan_injection_signals_none] expected: The provided pre-scan reported no injection indicators. That matches the repository contents (local Python scripts, no network calls or obfuscated endpoints found in the reviewed files).

Review Dimensions

Purpose & Capability: okName/description claim (distill character materials into reusable character skills) matches the repository contents: prompts, docs, a skill composer, and many Python tools for writing child skills and runtime memory. There are no unrelated required env vars or binaries.
Instruction Scope: noteSKILL.md defines an intake-first workflow, source auditing, layered outputs, and explicit rules for writing canonical files and platform wrappers. That scope aligns with a generator skill. Important operational behaviors are present in the instructions: the skill will (when used) read provided files/paths, build files under characters/{slug}/, and install/export runtime wrappers under ./ .agents/skills/{slug}/ or an OpenClaw workspace. These file-write actions are expected for this purpose but are material to understand before running.
Install Mechanism: okNo install spec (instruction-only at registry level), which is lowest-risk for automatic installs. The repository does include many Python scripts (tools/ and scripts/) intended to be executed locally; there are no downloads from arbitrary URLs or external installer steps embedded in the metadata.
Credentials: okThe skill declares no required environment variables or credentials (primaryEnv none). The included runtime memory scripts store data locally in a sqlite DB under a .dreamlover-data path. That local storage is coherent with the stated conditional-memory features; no unrelated secrets are requested.
Persistence & Privilege: noteThe skill is not force-installed (always:false). It can be invoked by the agent (default model invocation) and, when used, will write generated child packages into the agent's skills directory and create a local memory DB under a .dreamlover-data path. This is expected behavior for a generator/installing tool, but it means the skill will modify filesystem state (including possible overwrite if slug conflicts exist).