MLOps Industrialization

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill appears purpose-aligned, but its package generator can overwrite local files and does not validate package paths, so it needs review before use.

This looks like a straightforward local package scaffolding helper, but review it before running. Execute it only in the intended project directory, use a simple package name (for example, letters and underscores only), and avoid running it where existing files could be overwritten.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If run with an unsafe package name or inside an existing project, the script could create or overwrite files outside the intended package scaffold.

Why it was flagged

The package path is built directly from the first script argument, with no rejection of path separators or '..', and the script writes files using redirection that can overwrite existing files.

Skill content

PACKAGE_NAME="${1:-my_package}"
PACKAGE_DIR="${PACKAGE_NAME//-/_}"
mkdir -p "src/$PACKAGE_DIR"/{io,domain,application}
cat > "src/$PACKAGE_DIR/domain/features.py" << 'EOF'

Recommendation

Use only simple Python package names, run it in a clean working tree, and back up existing files. The maintainer should validate package names, reject path traversal, and avoid overwriting files without confirmation.