strikeradar

PassAudited by ClawScan on May 1, 2026.

Overview

The skill is a disclosed CLI wrapper around a public StrikeRadar API, with no credentials, local data access, persistence, or destructive behavior evident.

This appears safe to use if you trust the source and are comfortable with `npx/tsx` and the tool querying `api.usstrikeradar.com`. Treat the output as informational only, as the skill itself warns not to rely on it for personal, financial, or safety decisions.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Low

#ASI04: Agentic Supply Chain Vulnerabilities

What this means

If `tsx` is not already installed, running the command may fetch and execute that package through npm.

Why it was flagged

The documented execution path uses `npx tsx` without a pinned version, so running the skill may rely on an external npm-provided runner in addition to the reviewed script.

Skill content

npx tsx {baseDir}/scripts/strikeradar.ts status

Recommendation

Use a trusted or pinned `tsx` installation if you want tighter supply-chain control, and install the skill only from the expected repository.