Product Manager Toolkit
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may run local Python scripts against files you provide, such as feature CSVs or interview transcripts.
The skill instructs the user to run bundled local Python scripts. This is expected for the toolkit’s analysis functions and is shown openly, but users should recognize that it executes local code.
python scripts/rice_prioritizer.py sample python scripts/rice_prioritizer.py sample_features.csv --capacity 15 python scripts/customer_interview_analyzer.py interview_transcript.txt
Run the scripts only on intended files and review the bundled code if your transcripts or roadmap data are sensitive.
You have less external provenance context for who authored or maintains the included scripts.
The skill has limited provenance information even though it includes runnable scripts. The provided artifacts and static scan do not show malicious behavior, so this remains a notice rather than a concern.
Source: unknown Homepage: none
Prefer installing from trusted publishers when possible, and review the included scripts before use in sensitive business environments.