ML Pipeline

Pass

Audited by ClawScan on May 10, 2026.

Overview

The skill appears to be a local ML workflow helper with no evidence of exfiltration or hidden execution, but it has broad file/command access and a deployment script users should run carefully.

This skill looks safe to review and use for local ML workflow assistance, but keep it scoped to a project workspace, inspect commands before running them, and be especially careful with the deployment script because it can copy files into a target directory.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If invoked on the wrong path, the agent could read, edit, or run commands against files outside the intended ML project.

Why it was flagged

The skill gives the agent broad local file and shell capabilities. That is purpose-aligned for ML pipeline automation, but it means actions should stay scoped to the intended workspace.

Skill content

allowed-tools: Read, Write, Edit, Bash, Glob, Grep

Recommendation

Use the skill in a dedicated project directory and review any Bash, Write, or Edit actions before applying them to important files.

What this means

A mistaken deployment target could overwrite or add files in a live or important directory.

Why it was flagged

The deployment helper recursively copies files from a source directory into a user-supplied target directory. This is expected for deployment, but an incorrect target could affect many files.

Skill content

parser.add_argument('target', help='Target deployment directory') ... shutil.copy2(source_file, target_file)

Recommendation

Use `--dry-run` first, choose source and target paths explicitly, and avoid pointing the target at production or shared directories unless you intend to deploy there.

What this means

Users could overestimate the maturity of the included automation for trading or model deployment workflows.

Why it was flagged

The bundled implementation is partly template code, so users should not assume it provides a complete production-grade ML pipeline just from the skill description.

Skill content

# Add processing logic here based on skill requirements
    # This is a template that can be customized

Recommendation

Treat the scripts as starter utilities, inspect their behavior, and validate any ML or trading pipeline outputs independently before relying on them.