Python Automation

PassAudited by ClawScan on May 6, 2026.

Overview

This is a transparent Python automation toolkit; the main caution is that its scripts and examples can modify local files and may require third-party Python packages if you choose to use them.

This skill appears safe to install if you want Python automation help. Before using it, review any generated commands, run file-renaming actions in dry-run mode first, use backups for important data, and install optional Python packages in a virtual environment from trusted sources.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Note

ASI02: Tool Misuse and Exploitation

What this means

A mistaken directory, filter, or rename pattern could rename many files at once.

Why it was flagged

The batch rename script can modify filenames in the selected directory when run without --dry-run. This is expected for the tool, but it is a bulk file mutation capability.

Skill content

def rename_files(pairs):
    ...
        src.rename(dst)
...
if args.dry_run:
    dry_run(pairs)
else:
    rename_files(pairs)

Recommendation

Use --dry-run first, limit the directory and extensions, keep backups for important files, and review the planned changes before running the actual rename.

Note

ASI04: Agentic Supply Chain Vulnerabilities

What this means

Installing packages from public registries can introduce dependency risk if the wrong package or a compromised version is installed.

Why it was flagged

The skill suggests installing third-party Python packages without pinned versions. These are purpose-aligned optional dependencies, not automatic installs.

Skill content

`pip install openpyxl`; `pip install requests beautifulsoup4`; `pip install watchdog`; `pip install schedule`

Recommendation

Install only packages you need, prefer a virtual environment, verify package names, and pin versions for repeatable or sensitive workflows.

Note

ASI10: Rogue Agents

What this means

If a user later asks the agent to create cron jobs or file watchers, those automations could continue running after the immediate task.

Why it was flagged

The skill includes persistent or repeated automation patterns in scope. The artifacts do not install or start such persistence automatically.

Skill content

Automate repetitive system tasks (cron, file watching)

Recommendation

Create scheduled or file-watching tasks only with explicit approval, document how to stop them, and review what files or commands they will affect.