UV Global
PassAudited by ClawScan on May 1, 2026.
Overview
The skill transparently creates a persistent global Python uv environment; review the installer, broad package set, and shared .env behavior, but the artifacts do not show malicious or deceptive behavior.
This skill appears coherent for users who want a reusable uv-based Python environment. Before installing, be comfortable with running the installer, adding a broad set of Python packages, and maintaining a shared ~/.uv-global/.env file; avoid using it for untrusted scripts or unnecessary secrets.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the setup can execute installer code from the network and change the user's local Python tooling.
If uv is absent, the installer can run a package-manager install or pipe the official uv installer script into sh.
command -v uv > /dev/null 2>&1 || brew install uv || (curl -LsSf https://astral.sh/uv/install.sh | sh)
Run the installer only when you intend to set up this environment, and prefer reviewing or preinstalling uv yourself if you want tighter control.
Future package versions or transitive dependencies could change what is installed in the global environment.
The script installs a broad set of latest Python packages into the shared uv environment rather than using a reviewed lockfile included in the artifact set.
uv add --quiet \
loguru python-dotenv humanize ... markitdown[all] ... openai anthropic google-genaiIf reproducibility matters, pin package versions or inspect the generated lockfile after installation.
Environment variables, including possible API keys added by the user, can be reused by any script run through these shims.
The installer creates a persistent ~/.uv-global/.env file and helper shims that load that file for future runs.
touch ${UV_ENV_FILE} ... uv --project ${UV_PROJECT} run --env-file ${UV_ENV_FILE} "$@"Keep the shared .env file minimal, avoid storing unnecessary secrets there, and review it before running untrusted scripts.