Decision Expert

Security checks across malware telemetry and agentic risk

Overview

The artifacts show a coherent local decision-analysis CLI with no evidence of credential access, data exfiltration, persistence, or destructive behavior.

This appears to be a benign decision-support skill. Before installing, make sure you trust the source and are comfortable with the npm dependencies used by the local CLI.

VirusTotal

58/58 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Installing the CLI may pull in npm dependencies, so the local environment depends on those packages being trustworthy.

Why it was flagged

The skill is a Node-based CLI that relies on third-party npm packages with semver ranges. This is purpose-aligned for a CLI tool, but it means installation depends on the npm supply chain.

Skill content
"dependencies": { "commander": "^11.0.0", "inquirer": "^9.2.0", "chalk": "^5.3.0", "cli-table3": "^0.6.3", ... }
Recommendation

Install only from a trusted source, review package provenance if needed, and consider using a lockfile or pinned dependency versions in managed environments.