Skill Routing Benchmark
Security checks across malware telemetry and agentic risk
Overview
The skill appears benign: it creates routing benchmark reports and only uses declared, user-directed local Python/file handling, though its source provenance is limited.
This looks safe for its stated purpose. Before installing, note that it comes from an unknown source and may run a local Python script if invoked; use it on files you intend to analyze, avoid sensitive content unless needed, and review generated drafts before taking any external action.
VirusTotal
65/65 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Users have less external assurance about who maintains the skill, even though the included artifacts look coherent.
The bundle has limited provenance information, although it does not include a remote installer or third-party package dependency.
Source: unknown; Homepage: https://example.invalid/skills/skill-routing-benchmark
Treat it as an unknown-source local skill: review the bundled files before running the helper script and prefer trusted registry channels.
Running the helper executes local code that can process selected input files and produce an output report.
The skill explicitly allows running a bundled Python script. This is disclosed and central to generating reports, not hidden or unrelated.
如运行环境允许 shell / exec,可使用: python3 "{baseDir}/scripts/run.py" --input <输入文件> --output <输出文件>Run it only on intended inputs, review the generated output, and avoid using elevated privileges.
The script may read user-selected local materials and write a report file if an output path is provided.
The documented CLI accepts local input and output paths. This is expected for a report generator, but users should choose paths deliberately.
--input 输入文件或目录; --output 输出文件,默认 stdout; --dry-run 仅分析不写文件
Use dry-run/stdout when testing, avoid sensitive inputs unless necessary, and confirm output paths before writing files.