Jq Json Processor

Pass

Audited by ClawScan on May 1, 2026.

Overview

This skill is a straightforward jq helper with disclosed, purpose-aligned command examples and no evidence of hidden behavior.

This appears safe to install if you want jq help. Be careful with examples that write back to files, and install jq from a trusted package source.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If a user or agent applies these examples to important files, local JSON or project files could be changed.

Why it was flagged

This example shows jq being combined with shell redirection and mv to overwrite a local project file. It is clearly documented and purpose-aligned, but users should notice that running similar commands can modify files.

Skill content

jq '.version = "2.0"' package.json > package.json.tmp && mv package.json.tmp package.json

Recommendation

Review file-modifying jq commands before running them, use temporary outputs or backups for important files, and confirm the target path is correct.

What this means

The skill relies on the locally installed jq package being trustworthy and available.

Why it was flagged

The skill depends on installing the external jq binary via a package manager. This is expected for a jq skill and no suspicious installer behavior is shown.

Skill content

brew | formula: jq | creates binaries: jq

Recommendation

Install jq from a trusted package manager or official source and keep it updated.