Swelist
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
NoteHigh Confidence
ASI04: Agentic Supply Chain VulnerabilitiesWhat this means
Installing the skill will place an external command-line tool on the system, so a compromised or changed package could affect what runs.
Why it was flagged
The skill installs and runs an external PyPI-distributed CLI package. This is purpose-aligned, but it means trust depends on the package provenance and update path rather than only the reviewed SKILL.md.
Skill content
uv | package: swelist | creates binaries: swelist
Recommendation
Install only if you trust the PyPI package and maintainer; consider pinning or verifying the package version in controlled environments.