Pattern Miner
Security checks across malware telemetry and agentic risk
Overview
The included artifacts show a simple local JSON analysis script, but the documentation has some purpose and dependency mismatches users should notice.
This appears safe to review as a simple local script, but its published description and dependency instructions do not fully match the included code. If you use it, run it only on files you choose, preferably in a virtual environment, and do not expect the advertised shell/code automation features from the provided artifacts.
VirusTotal
64/64 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You may install the skill expecting code or shell automation generation, but the provided implementation only performs basic local JSON inspection.
This advertised purpose does not match SKILL.md's structured-data analysis description or the included script, which only reads and summarizes JSON files. The mismatch could mislead a user about what the skill actually does, although it does not show malicious behavior.
Description: Automatically detects repeated code and command patterns in Python/Shell, generating reusable Jinja2 templates and shell automation scripts via CLI.
Treat the published description as unreliable unless the maintainer updates it to match the included files.
Installing packages from PyPI can add code to your environment beyond what is shown in the skill artifact.
The skill instructs the user to install unpinned third-party packages, and these dependencies are not declared in the registry requirements. This is user-directed setup and broadly consistent with data analysis, but users should be aware of the supply-chain exposure.
pip install numpy scikit-learn pandas
Install dependencies only in a trusted virtual environment, and prefer pinned versions or a reviewed requirements file if available.