attestation-chain-auditor

Pass

Audited by ClawScan on May 1, 2026.

Overview

This instruction-only skill is a coherent attestation-chain auditing guide, with only a minor note that it may use curl/python3 or API checks to inspect public trust metadata.

This appears safe to install as an instruction-only auditing helper. Before using it, be aware that it may rely on curl or python3 for audit-related lookups or processing, so approve any proposed commands and avoid providing sensitive private attestation data unless needed.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may use local tools or network-style lookups while helping audit attestation chains, but the artifacts do not show unsafe commands, credential use, or account mutation.

Why it was flagged

The skill declares command-line tooling that could be used for fetching or processing attestation metadata. This is aligned with the auditing purpose, but it is still a capability users should notice.

Skill content

requires:
      bins: [curl, python3]

Recommendation

Use it with attestation data or identifiers you intend to audit, and review any proposed curl/python commands before allowing them to run.