Ux Researcher Designer

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill may run local code when the user follows the persona-generation workflow.

Why it was flagged

The workflow instructs the user to run an included local Python helper script. This is code execution, but it is explicitly documented and central to generating personas.

Skill content

python scripts/persona_generator.py

Recommendation

Run the helper only when you intend to generate personas, and review or keep a trusted copy of the script if using sensitive research data.

What this means

Installation metadata may not fully tell users what local runtime is needed before they follow the documented command.

Why it was flagged

The registry metadata does not declare Python as a required binary even though the documented workflow uses a Python script. This is an under-declared setup requirement, not evidence of malicious behavior.

Skill content

Required binaries (all must exist): none

Recommendation

Confirm Python is available before use; the publisher should declare the Python runtime requirement in metadata.