json-formatter-pro

Security checks across malware telemetry and agentic risk

Overview

This appears to be a straightforward local JSON formatter/validator that reads chosen JSON input and optionally writes formatted output.

This skill is reasonable to install for local JSON formatting. Only run it on JSON files you intend to expose to the agent, and be careful with the output path because the script can write to local files.

VirusTotal

No VirusTotal findings

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation

Low

What this means

If the agent or user chooses the wrong output path, an existing local file could be replaced with formatted JSON output.

Why it was flagged

The tool can write formatted JSON to a user-supplied output path. This is expected for a formatter, but it can overwrite a local file if invoked with an existing destination.

Skill content

Path(destination).write_text(content, encoding='utf-8')

Recommendation

Use explicit output filenames, avoid pointing the output option at important files, and review paths before running with -o/--output.