Publisher Identity Verifier
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill is coherent and asks for no credentials, persistence, or account-changing authority, though it may use public web lookups to produce publisher trust reports.
This skill appears safe to install as an instruction-only verifier. Treat its trust ratings as heuristic signals, independently verify any serious claims about a publisher, and avoid supplying private or credential-like information.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may use local tooling or web requests when investigating publisher identities.
The skill declares command-line tools that could be used for web retrieval and local analysis. This is expected for checking public publisher identity signals, and the artifact does not show unsafe or automatic commands.
requires:\n bins: [curl, python3]
Use public publisher or skill identifiers as input, and avoid providing secrets or private account data unless a future version clearly explains why they are needed.
You have less external information for confirming who maintains the skill or where its instructions came from.
The registry metadata does not provide an external source repository or homepage to corroborate provenance. The impact is limited because this is an instruction-only skill with no code files or installer.
Source: unknown; Homepage: none
Review the SKILL.md content directly and prefer verified source links if they become available.