First Aid
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a simple first-aid lookup skill with no credentials, network access, or destructive behavior.
This skill looks safe from an artifact-based security perspective. It provides simple first-aid reference text and creates a disclosed local data directory, but it does not show credential use, network calls, or high-impact system actions.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or running the skill may create a small local directory under your home folder.
The script creates a persistent local directory. This is disclosed in SKILL.md and there is no evidence of background execution, hidden persistence, or data exfiltration.
DATA_DIR="$HOME/.local/share/first-aid" mkdir -p "$DATA_DIR"
This is low risk; if you do not want the local directory, it can be removed after use.