Yamlcheck

Pass

Audited by ClawScan on May 1, 2026.

Overview

Yamlcheck appears to be a straightforward local YAML validation and conversion tool, with expected local script execution and dependency setup caveats.

This looks safe for normal YAML checking. Before installing or using it, make sure you are comfortable running the included local script, install optional PyYAML only from a trusted source, and be careful using conversion or key-preview commands on YAML files that contain secrets.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the optional dependency changes the local Python environment and relies on the package source used by pip.

Why it was flagged

The skill documents an optional external package install. This is purpose-aligned for YAML parsing, but users should recognize it as an additional dependency installed outside the skill's no-install-spec metadata.

Skill content

`PyYAML` (optional — enables full parsing; install with `pip3 install pyyaml`)

Recommendation

Install PyYAML only from a trusted package index and preferably in a project virtual environment.

What this means

Running the skill executes local script/Python code and may display contents or summaries of the YAML file being checked.

Why it was flagged

The helper is a Bash script that invokes local Python to parse the specified YAML file. This is expected for the skill's stated function and the visible code uses local file reads rather than network transmission.

Skill content

#!/usr/bin/env bash ... python3 -c "\nimport yaml, sys, os\n\npath = sys.argv[1]\ntry:\n    with open(path, 'r') as f:\n        docs = list(yaml.safe_load_all(f))

Recommendation

Use it on files you intend to inspect or convert, and avoid converting sensitive YAML files into chat-visible output unless that is intended.