Decision Distiller
Security checks across malware telemetry and agentic risk
Overview
Decision Distiller appears to be a benign local decision-recording skill, with the main considerations being persistent local records and optional shell scripts.
This skill looks safe for its stated purpose. Before installing, be aware that it may create local decision-history files and that the included shell scripts come from a package with limited provenance; review the scripts and choose a suitable storage location for any sensitive decision records.
VirusTotal
64/64 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user chooses to run the helper scripts, they are running local code from a package with limited provenance information.
The skill includes shell helper scripts even though no install mechanism or source homepage is declared. The scripts are visible and purpose-aligned, but provenance and setup expectations are limited.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill; Code file presence: 3 code file(s): scripts/create-decision.sh, scripts/list-decisions.sh, scripts/test.sh
Review the included scripts before running them and install from a trusted registry/source when possible.
Decision records can preserve sensitive context, trade-offs, and rationale beyond the current conversation.
The helper script writes decision records to persistent local markdown files. This is expected for the skill, but those records may later be reviewed or analyzed as accumulated context.
DATA_DIR="${DECISION_DATA_DIR:-$SKILL_DIR/data}" ... cat > "$OUTPUT_FILE"Store records in an appropriate location, avoid putting secrets in decision notes, and review stored records before reusing them for future analysis.