Dependency Upgrade Briefing

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill appears to be a low-risk dependency-upgrade briefing helper that generates reviewable text and does not request credentials, network access, or external system changes.

This skill is suitable for generating dependency-upgrade review drafts. Before installing, note that it may run a local Python script if shell tools are available, so provide only intended input files and avoid including sensitive dependency or business details unless needed.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used with shell access, the agent may run the included local script to read an input file and produce a briefing file.

Why it was flagged

The skill discloses an optional local Python command. Local execution is relevant to the skill’s purpose and is not shown to download code, install packages, or run hidden commands.

Skill content

If the runtime environment allows shell / exec, you can use: `python3 "{baseDir}/scripts/run.py" --input <input file> --output <output file>`

Recommendation

Review the input and output paths before allowing execution, and prefer stdout or dry-run style use when you only need a draft.