Suspicious Message Safety Check
PassAudited by ClawScan on May 9, 2026.
Overview
The provided artifacts show a coherent prompt-only scam-message triage skill that avoids links, payments, credentials, and network access, with only a minor release-process note.
This looks safe to install as a prompt-only helper. When using it, paste only redacted suspicious-message text and do not include passwords, OTPs, full account numbers, identity documents, or private conversations. If possible, prefer a version whose review and publish checklist has been completed.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Users may want to know that the skill's own checklist appears to mark review and publish authorization as incomplete.
The checklist indicates the release process may not have been fully completed even though the registry metadata shows a published version. This is a provenance/signoff note, not evidence of unsafe runtime behavior.
Cross-review: pending another developer; Test signoff: pending test role; Publish authorization: not requested; not authorized in this phase
Before broad use, update the release checklist or publish a reviewed version with completed signoff.