Estimate Builder
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If filesystem access is granted, the agent may be able to read or write local files during estimate workflows.
The manifest requests filesystem access, while the main instructions focus on calculating and presenting estimates. Filesystem use may be appropriate for estimate import/export, but it is broad enough that users should keep file operations explicit.
"permissions": ["filesystem"]
Use filesystem access only for user-requested files and paths, and review any file reads or writes before allowing them.
A version mismatch can make it harder to confirm exactly which package release is being installed.
The packaged manifest version differs from the registry metadata version 2.1.0, which is a minor packaging/provenance inconsistency.
"version": "2.0.0"
Verify the package source and version against the publisher or homepage before relying on it in a production workflow.