Bun

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is an instruction-only Bun reference with no hidden code or credential use, though one migration example deletes local dependency files and should be run carefully.

This skill appears safe to install as a Bun documentation aid. Before copying command examples, especially cleanup or lockfile migration commands, make sure you are in the intended project directory and have version-control backups.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

64/64 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Low
What this means

If followed carelessly, the command could delete local dependency artifacts or lockfiles from the wrong project.

Why it was flagged

The migration example includes a deletion command that removes dependency directories and lockfiles before reinstalling with Bun. This is relevant to the package-manager migration purpose, but it can change or remove local project state if run in the wrong directory.

Skill content
rm -rf node_modules package-lock.json yarn.lock
bun install
Recommendation

Run cleanup commands only after confirming the current directory, keeping version-control backups, and understanding that lockfiles may be regenerated differently by Bun.