Cognitive Reframe
Security checks across malware telemetry and agentic risk
Overview
The skill appears security-benign: it provides disclosed CBT-style reframing and crisis guidance without credentials, network access, persistence, or file mutation, though its provenance is limited and it includes a local Python entry point.
From a security perspective, this skill looks proportionate to its stated purpose. Be aware that it is a self-help mental-health exercise, not professional care, and that it includes local Python code with limited provenance information.
VirusTotal
No VirusTotal findings
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You have less external information for verifying who maintains the skill or where the package came from.
The registry does not provide an upstream source or homepage, so provenance is limited. This is only a note because the included files are visible, there are no declared dependencies, and no remote install script is present.
Source: unknown Homepage: none
Review the included files before installing and prefer skills with clear source provenance when available.
If invoked, the skill may run local Python code to process the user's text, but the reviewed code appears limited to local text analysis and response generation.
The skill includes a local executable Python entry point that reads command-line user text and prints a JSON response. This is purpose-aligned and the shown code does not include network access, file writes, credential access, or destructive behavior.
def main():
user_input = " ".join(sys.argv[1:]) if len(sys.argv) > 1 else ""
...
if __name__ == "__main__":
main()Use it as a visible local helper and avoid granting it extra permissions or credentials that it does not request.