Trust Decay Monitor
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill is coherent with its stated purpose of assessing whether old skill verifications may be stale, and the artifacts do not show credential use, persistence, mutation, or hidden behavior.
This skill appears safe to install for generating trust-freshness reports. Before using it, be aware that it may use curl or python3 to look up public ecosystem information, and avoid providing private marketplace URLs or non-public skill data unless you are comfortable having the agent analyze them.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may use local tools such as curl or python3 while helping assess skill trust freshness.
The skill declares local command-line tools as requirements, likely to fetch or process public verification, dependency, CVE, or endpoint data.
requires:
bins: [curl, python3]Use this skill with public skill identifiers or URLs unless you explicitly want the agent to analyze private marketplace information.
There is limited publisher/source context to independently review, but the artifact set itself does not include executable code or install steps.
The registry metadata does not provide an external source or homepage, which limits provenance context, although the submitted package is instruction-only and contains no code files.
Source: unknown Homepage: none
If provenance matters for your workflow, verify the registry owner and inspect the skill text before relying on its reports.