Airflow Dag Analyzer

Pass

Audited by ClawScan on May 1, 2026.

Overview

This instruction-only skill appears benign and is focused on reviewing Airflow DAG files, with no installs, credentials, networking, or persistent access requested.

This skill is reasonable to use for Airflow DAG review. Before installing or invoking it, make sure you are comfortable with the agent reading the DAG files you provide, use the narrowest relevant path, and independently review any recommendations before making production changes.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If given a broad directory, the agent may inspect more Python files than intended.

Why it was flagged

The skill documents local shell/file-search commands for discovering Airflow DAG files. This is aligned with DAG analysis, but it means the agent may enumerate and read files under the user-provided DAG path.

Skill content
```bash
find /path/to/dags/ -name "*.py" -type f
grep -rl "DAG\|@dag" /path/to/dags/ --include="*.py"
```
Recommendation

Invoke the skill on a specific DAG directory or file, and review any proposed command scope before allowing broad searches.

What this means

Users have fewer publisher/source signals to rely on when deciding whether to trust the instructions.

Why it was flagged

The registry metadata provides limited provenance information. Because the skill is instruction-only with no install spec or dependencies, this is a provenance note rather than a material supply-chain concern.

Skill content
Source: unknown
Homepage: none
Recommendation

Review the skill text before use and prefer known publishers for higher-trust environments.

What this means

Local commands may run to enumerate files, but no artifact evidence shows code execution beyond purpose-aligned file discovery/search.

Why it was flagged

The instructions include local command examples. They are simple discovery/search commands and are central to the stated purpose; the artifacts do not show eval, dynamic execution of DAG code, downloads, or destructive commands.

Skill content
```bash
# Find all DAG files
find /path/to/dags/ -name "*.py" -type f
```
Recommendation

Use a narrow path and avoid approving unrelated shell commands if suggested during use.

What this means

Sensitive details present in DAG files could appear in the conversation or generated report.

Why it was flagged

The skill intentionally loads local DAG source into the agent context for analysis. This is purpose-aligned, but DAG files can contain operational details, emails, callbacks, or accidental secrets.

Skill content
The agent reads DAG Python files, parses task definitions, and produces a comprehensive quality report.
Recommendation

Point the skill only at intended DAG files and avoid including hardcoded secrets or unrelated sensitive source files.

What this means

Users may place extra trust in recommendations about production readiness or best practices.

Why it was flagged

The skill uses expert-role framing. This is common and purpose-aligned for an advisory review skill, but users should still treat its output as automated guidance rather than authoritative approval.

Skill content
Acts as a senior data platform engineer auditing your Airflow deployment.
Recommendation

Validate important recommendations with code review, testing, and operational owners before changing production DAGs.