Code
Security checks across malware telemetry and agentic risk
Overview
This is a coherent instruction-only coding workflow skill with disclosed, user-controlled project work and a small optional local preference file.
This skill appears safe to install as an instruction-only coding workflow. Before using it, be aware that approved coding tasks may change your project files, and that any saved preferences in ~/code/memory.md can influence future sessions.
VirusTotal
65/65 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Approved coding steps may modify files or run verification in the user’s project.
The skill is intended to guide implementation work that may change project files, but the artifact frames this as step-by-step and user-approved.
When user approves a step: 1. Execute that step 2. Verify it works 3. Report completion to user 4. Wait for user to approve next step
Use normal safeguards such as version control, reviewing diffs, and approving each step before changes are made.
Saved preferences may affect future coding sessions and could cause unwanted behavior if incorrect or overly broad preferences are stored.
The skill uses a persistent local memory file that can influence future coding behavior, though the artifacts scope it to explicit user-provided preferences.
Read `~/code/memory.md` for user's stated preferences if it exists... Only store what user explicitly asks to save.
Only save non-sensitive preferences intentionally, and review or delete ~/code/memory.md if preferences become outdated or incorrect.