Parser
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Some commands may fail unless python3 is available, and jq changes the JSON parsing path when installed.
The skill text discloses runtime dependencies, while the registry metadata lists no required binaries. This is purpose-aligned but may cause setup surprises.
## Requirements - python3 - jq (optional)
Confirm python3 is installed before using XML/YAML parsing, and treat jq as an optional dependency for JSON parsing.
Using the skill runs local helper code on files you provide.
The skill is designed to invoke a bundled local shell script. This is expected for a command-line parser, but it is still local code execution.
```bash scripts/script.sh json ```
Use it only on files you intend to parse, and review the bundled script if your files contain sensitive information.
Parsed content from private files could remain on disk in a local cache.
The skill discloses local caching of parse results, which may retain structured data extracted from user files.
## Data Storage Parse results can be cached in `~/.local/share/parser/`.
Avoid parsing secrets unless you are comfortable with local caching, or clear the parser cache after use.