UAP Release Analyzer
PassAudited by ClawScan on May 9, 2026.
Overview
This looks like a purpose-aligned local PDF analysis skill; users should mainly notice that it runs local Python scripts, stores extracted document text, and installs unpinned Python dependencies.
This skill appears safe for its intended use: analyzing a local folder of declassified UAP/FOIA files. Before installing, be comfortable with running the bundled Python scripts, installing pdfplumber and pypdf, and having extracted text plus reports written into the release folder. Use a virtual environment, run it only on folders you choose, and avoid sensitive/private directories unless you are prepared to manage the generated copies.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can read PDFs/images in the chosen folder and create output files there.
The skill explicitly tells the agent to execute bundled Python scripts on a user-provided path. This is central to the skill's document-analysis purpose, but users should understand that code will run locally.
When the user just says "analyze the release at `<path>`", run all four in sequence with that path.
Run it only on folders you intend to analyze, preferably in a normal user account or sandbox rather than with elevated privileges.
A future dependency version could behave differently from the author's tested environment.
The Python dependencies are installed from the package ecosystem without version pins. This is common and purpose-aligned, but less reproducible and more supply-chain-sensitive than pinned installs.
python3 -m pip install pdfplumber pypdf
Use a virtual environment and consider pinning known-good versions of pdfplumber and pypdf before repeated or sensitive use.
If the input folder contains sensitive or private documents, extracted text and summaries may remain on disk and could be included in backups or cloud sync.
The workflow persists extracted document text, analytics, and summaries under the release directory. This is expected for the purpose, but it can create additional local copies of document contents.
text/ # extracted text per PDF (created) analytics/ # aggregated outputs (created) REPORT.md # human-readable analytic writeup (created)
Use the skill on intended declassified/public folders, avoid shared or synced locations for sensitive material, and delete generated text/analytics files when no longer needed.
If used, the agent may interact with an external government website and download files into the user's workspace.
The reference material documents optional browser or shell-based scraping/download workflows for war.gov. It is disclosed and related to obtaining public release files, but it expands the workflow beyond purely local analysis.
If you need shell `curl`/`wget`, ask the user to allowlist `www.war.gov`. Otherwise drive everything through the browser MCP and save via `<a download>`.
Only allow network/browser scraping when you explicitly want the agent to fetch those public files, and review the target domain and destination folder first.