Top Tool
Advisory
Audited by Static analysis on May 5, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the tool may place local process names and command-line arguments into the agent conversation or logs.
The script enumerates all readable local processes and prints their command lines. That is purpose-aligned for a process monitor, but command-line arguments can sometimes contain tokens, file paths, or other sensitive operational details.
    for p in os.listdir('/proc'):
        if p.isdigit():
            ... open(f'/proc/{p}/cmdline', 'r')
Use it only when you are comfortable sharing process listings with the agent, and avoid relying on it in environments where command lines may contain secrets.
A user may think output is filtered or sorted when the included script would not actually enforce those controls.
The documentation advertises filtering, batch, and sort options, but the provided script contains no argument parsing and always iterates over all readable /proc entries. This is a reliability and trust note rather than evidence of malicious behavior.
- `-u user`: Show only processes for a user
- `-b`: Batch mode for logging
- `-o FIELD`: Sort by specific field
Do not rely on the documented options for limiting output unless the implementation is updated to enforce them.
There is less external context for verifying the publisher or intended project source.
The skill has limited provenance metadata. However, the provided code is small, local, and has no dependency installation or remote download behavior.
Source: unknown
Homepage: none
No install spec — this is an instruction-only skill.
Review the included source before use and prefer a published source/homepage for higher-assurance environments.
