ia-md-docs
Security checks across malware telemetry and agentic risk
Overview
This is a coherent documentation-management skill that can edit persistent agent context files, so users should review the generated documentation, but the provided artifacts do not show malicious behavior.
This skill appears safe for its stated purpose, but review changes to AGENTS.md, CLAUDE.md, README.md, and CONTRIBUTING.md before accepting them. Pay special attention to AGENTS.md and CLAUDE.md because future agents may load them as instructions.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may change project documentation and the CLAUDE.md/AGENTS.md relationship in the working tree.
The workflow can write documentation files and create a symlink. This is expected for a documentation-management skill, but it is still a local file mutation users should review.
1. Write AGENTS.md with generated content 2. Create CLAUDE.md symlink: `ln -sf AGENTS.md CLAUDE.md`
Review the proposed diff or generated files before relying on them, especially if CLAUDE.md already contains important project-specific guidance.
Future coding-agent behavior may be shaped by the content this skill writes into AGENTS.md or CLAUDE.md.
The files this skill edits are persistent agent context files. Incorrect, stale, or overly broad instructions in those files could influence future agent sessions.
Ancestors load immediately: walking UP from the current working directory, every AGENTS.md / CLAUDE.md encountered is loaded at startup.
Check generated context files for accuracy, scope, and absence of secrets or unsafe instructions before committing or using them.