Skill Risk Splitter

Security checks across malware telemetry and agentic risk

Overview

This appears to be a benign local drafting/helper skill, but users should review the optional Python helper and choose input/output paths carefully.

This skill is suitable for producing reviewable skill-refactoring drafts. Before installing or using it, inspect the full Python helper, run it only on files you intend to analyze, and avoid feeding it unredacted personal or sensitive material unless necessary.

VirusTotal

65/65 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI05: Unexpected Code Execution
Low
What this means

If used, the skill may run a local script against files you choose and create a report file.

Why it was flagged

The skill explicitly permits running a local Python helper. This is disclosed and fits the skill's purpose, but it still executes local code that can read an input path and write an output path.

Skill content
python3 "{baseDir}/scripts/run.py" --input <输入文件> --output <输出文件>
Recommendation

Run it only on intended input files, verify the output path, and prefer stdout or --dry-run if you only want to review results.

ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

A user who runs the helper would be trusting the full installed script, not only the visible excerpt in this review.

Why it was flagged

The runnable helper is included and recommended by the skill, but the supplied artifact view marks its source as truncated before the end of main(). No suspicious visible code is present, but the displayed source is incomplete.

Skill content
"truncated": true
Recommendation

Inspect the complete scripts/run.py from the installed package or source repository before executing it.