Data Source Audit
PassAudited by ClawScan on May 1, 2026.
Overview
The provided artifacts show a coherent instruction-only construction data audit skill, with purpose-aligned file handling but no evidence of hidden execution, exfiltration, or destructive behavior.
This looks safe to install from the provided artifacts, but use it only with intended construction audit files, avoid giving broad filesystem paths, and confirm the package source/version before processing sensitive business data.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked with broad or sensitive paths, the agent could read or create local files related to business data audits.
The skill requests filesystem access, which is expected for reading user-provided audit files and writing exports, but it still gives the agent local file handling authority.
"permissions": ["filesystem"]
Provide only the specific files or folders needed for the audit, and review any generated export before sharing it.
This does not show unsafe behavior, but it may make it harder to confirm package provenance and exact version identity.
The registry metadata reports an unknown source, and the included claw.json separately lists version 2.0.0, creating a minor provenance/version consistency point for users to verify.
Version: 2.1.0; Source: unknown
Verify the publisher, homepage, and installed version before using the skill with sensitive construction or business data.