senior-pm

Security checks across malware telemetry and agentic risk

Overview

This appears to be a coherent project-management helper with templates and local analysis scripts, with no artifact-backed malicious behavior found.

This skill looks reasonable for project-management analysis. Before installing, note that it includes local Python helper scripts and has limited source/homepage provenance; review or trust those scripts before running them on real budget, staffing, or risk data.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI05: Unexpected Code Execution
Low
What this means

If the user or agent runs the examples, local Python code will process the selected project JSON data and produce analysis outputs.

Why it was flagged

The skill documents running included Python helper scripts. This is executable local code, but it is clearly disclosed and directly supports the stated portfolio-analysis purpose.

Skill content
python3 scripts/project_health_dashboard.py assets/sample_project_data.json
Recommendation

Run the scripts only on intended project data, and review the included script behavior before using real confidential portfolio information.

ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

Users have less provenance context for the included helper scripts than they would with a linked source repository or homepage.

Why it was flagged

The package has limited provenance metadata and includes helper code despite no install specification. This is worth noticing, but the scripts are purpose-aligned and no suspicious static findings were reported.

Skill content
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill. Code file presence: 3 code file(s)
Recommendation

Prefer installing from a trusted publisher or review the packaged scripts before relying on them for business reporting.