Text

Pass. Audited by ClawScan on May 10, 2026.

Overview

This is a coherent instruction-only text-processing skill, with the main caution that some examples can read or edit local files if an agent runs them.

This skill appears safe for normal text work. Before letting an agent use its command examples, confirm the exact files involved, avoid running in-place edits on originals, and treat .env or config files as sensitive.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A text file could be changed or overwritten if an agent applies the command directly.

Why it was flagged

The skill documents local shell commands, including an in-place file edit. This fits text cleanup, but could alter a user file if run without review.

Skill content

- **Remove BOM if present:** `sed -i '1s/^\xEF\xBB\xBF//'`

Recommendation

Run file-changing commands only on user-approved files, preferably on a copy or with a backup.

What this means

Secrets in a local .env file could be displayed if the command is used on a real project configuration file.

Why it was flagged

.env files commonly contain API keys or secrets. The example is a config-text parsing command and does not show exfiltration, but it could reveal sensitive values to the agent context or output.

Skill content

```sh
# .env files
grep -v '^#' .env | grep '='
```

Recommendation

Ask before reading .env or other credential-bearing files, and redact secret values unless the user explicitly needs them.