Project Brief Writer

Security checks across malware telemetry and agentic risk

Overview

This appears to be a coherent project-brief drafting skill with an optional local Python helper, and the provided artifacts do not show credential use, networking, persistence, or destructive actions.

This skill is reasonable for drafting project briefs from requirements or meeting notes. Before running the optional Python helper, make sure the input file is intended for processing, avoid unnecessary sensitive personal or business data, choose a safe output filename, and treat the result as a review draft rather than formal approval or a legal document.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI05: Unexpected Code Execution
Low
What this means

If used, the agent may run the bundled script on a chosen input file and create or overwrite the chosen output file.

Why it was flagged

The skill explicitly permits running a bundled Python helper through shell/exec. This is disclosed and purpose-aligned for generating a local report, but it is still local code execution and can write an output file.

Skill content
If the runtime environment allows shell / exec, you can use: `python3 "{baseDir}/scripts/run.py" --input <输入文件> --output <输出文件>`
Recommendation

Run it only on intended project materials, choose a safe output path, and review the generated brief before using it for decisions or publication.

ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

Users have fewer provenance signals to confirm who maintains the bundled code.

Why it was flagged

The package provenance is limited in the supplied metadata. This does not show malicious behavior, but users have less external source information for the included script.

Skill content
Source: unknown; Homepage: https://example.invalid/skills/project-brief-writer
Recommendation

Install from a trusted registry context and inspect the local script if provenance matters for your environment.