Data Source Audit
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked with broad or sensitive paths, the agent could read or create local files related to business data audits.
The skill requests filesystem access, which is expected for reading user-provided audit files and writing exports, but it still gives the agent local file handling authority.
"permissions": ["filesystem"]
Provide only the specific files or folders needed for the audit, and review any generated export before sharing it.
This does not show unsafe behavior, but it may make it harder to confirm package provenance and exact version identity.
The registry metadata reports an unknown source, and the included claw.json separately lists version 2.0.0, creating a minor provenance/version consistency point for users to verify.
Version: 2.1.0; Source: unknown
Verify the publisher, homepage, and installed version before using the skill with sensitive construction or business data.