skill-update-delta-monitor
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill coherently helps compare skill versions for security-relevant changes, with only expected use of local/version-control/network tools that users should scope carefully.
This appears safe to use for its stated purpose. Provide only the specific skill snapshots or directories you want compared, and treat its output as a review aid rather than an automatic instruction to update or roll back skills.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked on broad directories, the agent may inspect more local skill files or history than the user intended, even though this is aligned with the skill's monitoring purpose.
The skill may rely on command-line tools and inspect local skill directories or history. This is expected for delta monitoring, but users should scope what directories or snapshots are provided.
requires: bins: [curl, python3, git] ... A local skill directory with version history (git history supported) ... Two skill snapshots
Invoke it only on the specific skill identifier, directory, or snapshots you want reviewed, and review its report before taking update or rollback action.
There is less external context for verifying the publisher or tracking upstream changes, but no hidden helper code or install script is shown.
The skill has limited external provenance information, although the provided package contains only instructions and no executable install payload.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill; No code files present
Prefer installing from publishers you trust and re-check this skill's own SKILL.md on future updates.