Evidence Gap Mapper

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This appears to be a local evidence-review helper; the main things to notice are its optional Python script execution and limited source provenance.

This skill looks appropriate for reviewing reports or drafts for unsupported claims. Before installing, note that it can run a local Python script and process files you point it at, so provide only documents you intend to analyze and verify the skill files if provenance matters to you.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI05: Unexpected Code Execution
Severity: Low

What this means

The skill may run a local script and create an output file when invoked in an environment with shell execution.

Why it was flagged

The skill explicitly allows running a local Python helper with user-specified input and output paths. This is disclosed and purpose-aligned, but it is still local code execution that users should recognize.

Skill content
If the runtime environment allows shell / exec, you can use: `python3 "{baseDir}/scripts/run.py" --input <输入文件> --output <输出文件>` (the `--input` and `--output` placeholders are "input file" and "output file")
Recommendation

Run it only from a trusted skill directory, review input/output paths, and use dry-run or stdout output when you do not want files written.

ASI04: Agentic Supply Chain Vulnerabilities
Severity: Info

What this means

It may be harder to verify who authored or maintains the skill.

Why it was flagged

The artifacts do not provide a verifiable upstream source or real homepage. There is no remote installer or dependency evidence, so this is a provenance note rather than a behavioral concern.

Skill content
Source: unknown; Homepage: https://example.invalid/skills/evidence-gap-mapper
Recommendation

Treat the bundled files as the review source of truth and inspect updates before enabling or running the helper script.