Asking Until 100
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is a coherent clarification aid for coding/build work, with only low-risk notes around repo inspection and optional bundled helper scripts.
This appears safe for its stated purpose. Before installing, be aware that it is designed to look at repository context and may use a local `.asking-until-100.yaml` file to adjust its behavior; run the bundled scripts only if you are comfortable trusting that local code.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private repo structure or local configuration may be summarized or used in the agent's reasoning, and a repo-local config can influence how much the agent asks before acting.
The skill intentionally uses local repository context and repo-local configuration to shape the agent's questioning behavior.
Load explicit instructions and repo-local config such as `.asking-until-100.yaml` ... Inspect the repo when it looks relevant
Use this skill in repositories you are comfortable letting the agent inspect, and review any `.asking-until-100.yaml` file if the questioning behavior seems unexpected.
If you or the agent run the helper scripts, you are trusting bundled Python code even though no separate install step is required.
The skill is described as instruction-only in the install metadata but includes bundled helper scripts for optional local use.
`scripts/validate_config.py` validates profile files ... `scripts/render_project_structure.py` renders prompt-only or repo-aware provisional structures
Treat the scripts as optional helpers; review or avoid running them if you only want the instruction-only clarification behavior.