Ml Experiment Tracker
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent local ML experiment-plan generator, with only low-risk notes around writing output files and a misleading dry-run option.
This skill appears safe for generating local ML experiment plans. Before installing or using it, note that it runs a bundled Python helper that writes to the output path you provide, and its --dry-run flag still produces an output file.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
64/64 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked with an unintended output path, it can create or overwrite a local plan file.
The script writes a generated plan to a caller-supplied path and creates parent directories. This is expected for an export helper, but users should choose the output path deliberately.
parser.add_argument("--output", required=True, help="Path to output artifact.") ... output_path.parent.mkdir(parents=True, exist_ok=True) ... output_path.write_text(...)
Run it with an explicit output path inside the intended project or artifacts directory, and avoid pointing it at important existing files.
A user expecting dry-run mode to avoid file writes may still see an output file created or overwritten.
The dry-run flag is described as side-effect free, but the main flow still calls render(), which writes the output artifact.
parser.add_argument("--dry-run", action="store_true", help="Run without side effects.") ... render(result, Path(args.output), args.format)
Do not rely on --dry-run to prevent filesystem changes; use a safe temporary output path when testing.
