Q&A Prep Partner
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill appears benign: it runs a simple local Python script to generate practice Q&A and only reads an optional user-specified abstract file.
This skill is reasonable to install if you want local Q&A practice support. It runs a Python script and can read an abstract file you provide, so choose inputs intentionally; the reviewed code does not show network calls, credential use, persistence, or hidden behavior.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If pointed at the wrong local file, the tool may read it during processing, though the current code does not print, save, or send the file contents elsewhere.
The script can read a file path supplied through --abstract. This is expected for a Q&A preparation tool that accepts an abstract file, and the provided code does not transmit or write that content.
parser.add_argument("--abstract", "-a", help="Abstract text or file") ... with open(args.abstract) as f: topic = f.read()[:100] + "..."Use the --abstract option only with files you intend the skill to process, and avoid passing unrelated sensitive documents.