Encoding & Formats
Security checks across malware telemetry and agentic risk
Overview
This is a coherent instruction-only reference skill for encoding, decoding, and format conversion, with only purpose-aligned cautions around local file commands and JWT handling.
This skill appears safe to install as a reference tool. Before using it, review any generated shell command, especially commands that write files or edit files in place, and avoid pasting real JWTs or other secrets unless necessary.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used carelessly, example commands could overwrite outputs or modify the wrong local file.
These examples use local shell tools to read, create, overwrite, or modify files. That is expected for an encoding/format-conversion skill, but incorrect filenames or redirection could affect user files.
base64 image.png > image.b64 ... base64 -d image.b64 > image.png ... iconv -f ISO-8859-1 -t UTF-8 input.txt > output.txt ... sed -i '1s/^\xEF\xBB\xBF//' file.txt
Review filenames, output paths, and in-place edits before running commands; make backups before modifying important files.
A real JWT could reveal account claims or be usable as an access token if copied into logs, chats, or untrusted places.
JWTs can be authentication or session-bearing tokens. The skill’s JWT handling is purpose-aligned and locally framed, with no evidence of storage or transmission, but pasted tokens may still be sensitive.
Decoding JWT tokens to see claims
Use redacted or non-production tokens when possible, and avoid sharing full JWTs unless you trust the environment and the recipient.