defense draft
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user chooses to run the included helper scripts, they should be comfortable with the package source.
The registry-level source provenance is not resolved, while the package includes JavaScript files that could be run manually. The provided code and instructions do not show suspicious behavior, but users should verify provenance before executing included helpers.
Source: unknown; Homepage: none
Use the skill as an instruction/template helper; only run the JavaScript files if you trust the package source or have reviewed the code.