ia-python-services
Security checks across malware telemetry and agentic risk
Overview
The provided artifacts describe a documentation-only Python development guidance skill with no install step, code execution, credentials, or hidden data access.
This appears safe to install as a documentation-only Python development skill. Treat its suggested `uv` and `ruff` commands like normal development operations: run them only in the intended project and review file changes afterward.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If followed, the agent may suggest or run commands that edit Python project files, lockfiles, or formatted source code.
These are explicit project-maintenance commands that can change dependency files or modify source formatting. This is expected for a Python services/CLI guidance skill, but it is still user-visible local mutation.
`uv add <pkg>`, `uv add --group dev <pkg>` ... `ruff check --fix . && ruff format .`
Review dependency and formatting diffs before committing or accepting generated changes.