Arrive Guideline Architect
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill appears to be a local ARRIVE protocol drafting/checklist tool with no evidence of malicious behavior, though users should be aware of its broad local file and shell tool access and of its references to helper scripts that are not included in the package.
This looks suitable as a local drafting assistant for ARRIVE-style animal study protocols. Before installing, be comfortable with it reading and writing files in the working directory, avoid fetching missing helper scripts from untrusted sources, and treat all generated scientific, ethical, and statistical content as a draft requiring expert review.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked in the wrong folder, the agent could read or modify local research files while preparing outputs.
The skill can read, write, edit files, and run shell commands. That matches its stated purpose of generating and validating local protocol documents, but it is broader local authority than a purely conversational checklist.
allowed-tools: [Read, Write, Bash, Edit]
Use the skill in a dedicated project directory and review any file writes or shell commands before applying them to important documents.
Some documented examples may not work as packaged, and users might be tempted to fetch unreviewed helper files from outside the skill.
SKILL.md references helper modules and scripts such as arrive_builder, sample_size, randomization, and validate.py, while the supplied manifest lists only scripts/main.py under scripts. This becomes a completeness and provenance gap if a user tries to obtain those missing helpers elsewhere and run them.
from scripts.arrive_builder import ARRIVEBuilder
Use only the included files unless you independently verify any additional helper scripts before running them.
A user could over-trust generated protocol text for ethics review, statistical adequacy, or journal submission.
The wording may encourage reliance on generated protocols as ready for formal scientific or ethics use. The artifacts do not show deceptive behavior, but the claim should be read as describing drafting assistance, not approval or expert validation.
publication-ready animal research protocols compliant with ARRIVE 2.0 guidelines
Have protocols, sample-size calculations, welfare details, and IACUC/journal requirements reviewed by qualified human experts before use.
