Photo Album Shelf Index

AdvisoryAudited by Static analysis on May 13, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

NoteHigh Confidence

ASI04: Agentic Supply Chain Vulnerabilities

What this means

It may be slightly harder to confirm the exact packaged version, but the artifacts do not show unsafe behavior.

Why it was flagged

The registry metadata lists version 1.0.1 while the packaged skill.json and SKILL.md declare 1.0.0, creating a minor packaging/provenance inconsistency. There is no executable code or install step tied to this mismatch.

Skill content

"version": "1.0.0"

Recommendation

The publisher should align the registry and packaged version fields; users can treat this as a prompt-only skill with no executable install risk shown.