jq

PassAudited by ClawScan on May 1, 2026.

Overview

This is a simple jq command reference; the only notable item is a user-directed external install step.

This skill appears safe and purpose-aligned as a jq usage reference. Before installing jq, use a trusted package manager or the official jq download page.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Low

#ASI04: Agentic Supply Chain Vulnerabilities

What this means

Installing jq adds an external CLI tool to the user's environment.

Why it was flagged

The skill directs the user to install an external command-line binary. This is expected for a jq skill, but users should still verify they are installing jq from trusted sources.

Skill content

brew install jq ... See [jqlang.org/download](https://jqlang.org/download/) for packages, binaries, and build instructions.

Recommendation

Install jq only from trusted package managers or the official jq download site, and avoid unofficial binaries.