Python Automation
AdvisoryAudited by Static analysis on May 6, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken directory, filter, or rename pattern could rename many files at once.
The batch rename script can modify filenames in the selected directory when run without --dry-run. This is expected for the tool, but it is a bulk file mutation capability.
def rename_files(pairs):
...
src.rename(dst)
...
if args.dry_run:
dry_run(pairs)
else:
rename_files(pairs)Use --dry-run first, limit the directory and extensions, keep backups for important files, and review the planned changes before running the actual rename.
Installing packages from public registries can introduce dependency risk if the wrong package or a compromised version is installed.
The skill suggests installing third-party Python packages without pinned versions. These are purpose-aligned optional dependencies, not automatic installs.
`pip install openpyxl`; `pip install requests beautifulsoup4`; `pip install watchdog`; `pip install schedule`
Install only packages you need, prefer a virtual environment, verify package names, and pin versions for repeatable or sensitive workflows.
If a user later asks the agent to create cron jobs or file watchers, those automations could continue running after the immediate task.
The skill includes persistent or repeated automation patterns in scope. The artifacts do not install or start such persistence automatically.
Automate repetitive system tasks (cron, file watching)
Create scheduled or file-watching tasks only with explicit approval, document how to stop them, and review what files or commands they will affect.