R Stats
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a legitimate R statistics helper that runs local R/bash analysis on user-selected datasets, with only normal cautions about trusting the local scripts and package setup.
This skill is reasonable for local R-based statistical analysis. Before installing, make sure you are comfortable running its bash/R helper script, only point it at datasets you intend to analyze, and verify any first-time package setup commands if you use sensitive or regulated data.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill will run local analysis commands and read the dataset/spec files you point it at.
The skill relies on executing a local bash script that likely invokes R against user-supplied files. This is expected for the stated purpose, but it is still local code execution.
Run schema inspection: `bash {baseDir}/scripts/run-rstats.sh schema --data <path>` ... run: `bash {baseDir}/scripts/run-rstats.sh analyze --spec <path>`Use it only with datasets you intend to analyze, and inspect or trust the bundled script before running it on sensitive data.
You have less external information for deciding whether to trust the bundled helper scripts and examples.
The registry metadata does not provide an upstream source or homepage, which limits provenance verification even though no malicious behavior is shown.
Source: unknown; Homepage: none
Prefer installing from a known publisher or review the files locally before running setup or analysis commands.