Senior Computer Vision

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If a user analyzes a malicious model file, running the script could execute code on their machine.

Why it was flagged

The optimizer loads user-supplied PyTorch model files. PyTorch checkpoint loading can involve pickle-style deserialization in common configurations, so an untrusted .pt/.pth file may execute code when analyzed. This is purpose-aligned and user-directed, but it needs caution.

Skill content

checkpoint = torch.load(str(self.model_path), map_location='cpu')

Recommendation

Only run this script on trusted model files. For untrusted weights, prefer safer formats such as safetensors or ONNX, or update the script to use safer PyTorch loading options where available.

What this means

Users have less external context for verifying where the code came from or how it is maintained.

Why it was flagged

The skill includes runnable Python scripts, but the registry information does not provide an upstream source or homepage for provenance checking.

Skill content

Source: unknown
Homepage: none

Recommendation

Review the included scripts before use, run them in a controlled environment, and pin/install ML dependencies from trusted sources.