Call Scorecard Builder
PassAudited by ClawScan on May 1, 2026.
Overview
This skill appears to be a benign local helper for drafting call scorecards, with only minor provenance and user-directed script-execution points to notice.
Before installing, note that the source provenance is limited and the optional Python helper should be run only on files you choose. For real call transcripts or customer conversations, de-identify sensitive information where possible. The artifacts otherwise look coherent and proportionate for drafting reviewable call scorecards.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
It may be harder to verify the publisher or upstream repository outside the provided package artifacts.
The source and homepage do not provide meaningful external provenance. This is not a behavior concern by itself, especially because no remote install step is present, but users have less independent origin information.
Source: unknown ... Homepage: https://example.invalid/skills/call-scorecard-builder
Install from a trusted registry or workspace, and review the included files if provenance matters for your environment.
If invoked, the script can read the chosen input file and write the chosen output file.
The skill explicitly allows a local Python helper to run on a user-provided input and output path. This is disclosed and aligned with generating structured scorecard output, with no evidence of hidden networking, privileged commands, or destructive behavior.
可使用:`python3 "{baseDir}/scripts/run.py" --input <输入文件> --output <输出文件>`Run it only with intended input and output paths, and avoid including sensitive call material unless it is necessary and appropriately de-identified.