Capa Officer
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: capa-officer Version: 2.1.1 The 'capa-officer' skill bundle is a legitimate tool for managing Corrective and Preventive Action (CAPA) processes in a medical device Quality Management System. The Python script (scripts/capa_tracker.py) uses only standard libraries to process JSON data and generate reports, with no evidence of network activity, file system exploitation, or malicious execution. The documentation (SKILL.md and reference files) provides educational content and procedural guidance without any prompt injection attempts or instructions to perform unauthorized actions.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user runs the included script, they are executing local Python code rather than only reading guidance.
The package is described as instruction-only while also including a runnable helper script; this is not suspicious by itself, but users should notice the packaging mismatch before running local code.
No install spec — this is an instruction-only skill. ... Code file presence: scripts/capa_tracker.py
Review the included script before running it, and run it only against intended CAPA data files in a controlled local environment.