Sysinfo Tool
AdvisoryAudited by Static analysis on May 4, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can collect and display local system inventory and process information in the conversation.
The script invokes fixed local OS commands to collect disk and process information. This is expected for a system diagnostics tool and is not shell-expanded or user-controlled, but users should know local commands are run.
subprocess.run(['df', '-B1', '-T'], capture_output=True, text=True, check=True) ... subprocess.run(['ps', 'aux', '--sort=-pcpu'], capture_output=True, text=True)
Use the tool only when you want diagnostics, and review the output before sharing it externally.
Users have less external context about who maintains the skill or how the command is installed and invoked.
The skill has limited provenance and no install specification. The included visible source is coherent and the static scan is clean, so this is a transparency note rather than a security concern.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Install only if you are comfortable with the provided source and limited provenance; verify the command path if it does not run as expected.