Aicodem skill
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill appears to locally convert provided test-case data into an XMind file, with no artifact evidence of credential use, network access, persistence, or destructive behavior.
This looks like a purpose-aligned local file-generation skill. Before installing, note that it runs packaged Python code and writes a generated .xmind file; avoid putting sensitive test data into the output unless you are comfortable storing it locally.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill will run packaged Python code locally when invoked and may create the requested output file.
Invoking the skill executes an included Python script. This is expected for generating the XMind file, but it is still local code execution users should recognize.
steps:
- name: generate_xmind
type: python
entry: scripts/generate_xmind.pyInstall from a trusted source, review the script if provenance matters, and invoke it only for intended test-case data and output locations.
Users have less external context for verifying the publisher or source history of the included script.
The registry information does not provide an upstream source or homepage for independent provenance checks, although the included artifacts do not show suspicious dependencies or install behavior.
Source: unknown Homepage: none
Treat the packaged artifacts as the review source, and prefer installation only if you trust the publisher or have reviewed the included code.