Devin Floyd
PassAudited by ClawScan on May 1, 2026.
Overview
This looks like a benign instruction-only security scanner, but it references a scanner script that is not included in the artifacts.
This skill appears safe from the provided artifacts, but it also appears incomplete. Do not rely on its security verdicts until you have reviewed or obtained the missing scan.py implementation from a trusted source.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill does not show harmful behavior, but it may be incomplete or require code from outside the reviewed artifacts.
The documentation tells users to run a local scanner script, but the provided manifest contains only SKILL.md files and no scan.py implementation. This is a provenance/completeness issue users should notice before relying on the tool.
python scan.py --skill <skill-name>
Before installing or using it, verify the referenced scanner code from a trusted source and confirm it matches the documented behavior.