Cto Advisor

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the helper scripts executes local code and may create output files such as a JSON report.

Why it was flagged

The skill asks the user to run included Python helper scripts locally and generate a report file. This is disclosed and aligned with the skill's technical-debt assessment purpose, but users should notice that it involves local code execution.

Skill content

python scripts/tech_debt_analyzer.py --output report.json

Recommendation

Run the scripts only when you intend to use the calculators, and review the command and output path before executing.

What this means

Users have less external provenance information for the included helper code.

Why it was flagged

The registry metadata does not provide source or homepage provenance, while the skill includes runnable Python scripts. The scripts are disclosed in SKILL.md and no suspicious static findings are reported, so this is a provenance note rather than a concern.

Skill content

Source: unknown; Homepage: none; No install spec — this is an instruction-only skill; Code file presence: 2 code file(s)

Recommendation

Review the included scripts before running them, especially if using them in a sensitive repository or business environment.