Trusted — Risk Score 5/100
Last scan: 1 day ago
chapter-outliner
Chapter outline generator - generates novel chapter outlines based on the 15-beat system
Chapter Outliner is a benign creative writing tool with no malicious behavior, credential access, network calls, or hidden functionality.
Skill Name: chapter-outliner
Duration: 32.8s
Engine: pi
Safe to install
This skill is safe for use. Consider pinning dependencies to versions for reproducible builds.

Findings (1 item)

Severity | Finding                        | Location
Low      | Dependencies not version-pinned | Supply Chain

requirements.txt lists 'rich' and 'PyYAML' without version constraints. This could lead to unexpected behavior if unpinned latest versions introduce breaking changes.

Affected packages: rich, PyYAML
→ Pin to known-good versions, e.g. 'rich>=13.0.0' and 'PyYAML>=6.0'
File: scripts/requirements.txt:1
Resource     | Declared | Inferred | Status    | Evidence
Filesystem   | READ     | READ     | ✓ Aligned | SKILL.md declares book-dir parameter; code reads outline.md, style.yml, and char…
Filesystem   | WRITE    | WRITE    | ✓ Aligned | SKILL.md declares --output parameter; code writes markdown output to specified p…
Network      | NONE     | NONE     |           | No network calls in generate_outline.py; no requests, urllib, or socket usage
Shell        | NONE     | NONE     |           | No subprocess, os.system, or shell command execution in code
Environment  | NONE     | NONE     |           | No os.environ access; all parameters come from CLI args
Skill Invoke | NONE     | NONE     |           | No skill invocation chain; standalone script
Clipboard    | NONE     | NONE     |           | No clipboard access
Browser      | NONE     | NONE     |           | No browser or web automation
Database     | NONE     | NONE     |           | No database access

File Tree

3 files · 19.3 KB · 635 lines
Python 1f · 465L Markdown 1f · 168L Text 1f · 2L
├─ 📁 scripts
│ ├─ 🐍 generate_outline.py Python 465L · 15.3 KB
│ └─ 📄 requirements.txt Text 2L · 12 B
└─ 📝 SKILL.md Markdown 168L · 4.0 KB

Dependencies (2 items)

Package | Version | Source | Known Vulns | Notes
rich    | *       | pip    | No          | Version not pinned — minor supply chain risk
PyYAML  | *       | pip    | No          | Version not pinned — minor supply chain risk

Security Positives

✓ No network requests — offline-only operation
✓ No credential or sensitive file access
✓ No subprocess or shell execution
✓ No obfuscation, base64, or eval patterns
✓ Documentation fully matches code behavior — no doc-to-code mismatch
✓ Uses yaml.safe_load() — safe YAML parsing
✓ File writes are user-controlled via explicit --output flag
✓ Input paths are validated with .exists() and .is_dir() checks
✓ Clean error handling with user-friendly messages