Local System Info (Iyeque)
PassAudited by ClawScan on May 1, 2026.
Overview
This read-only local metrics skill matches its stated purpose, though it can reveal local process names/usernames and depends on the external psutil package.
This skill appears safe for its stated purpose: it reads local CPU, memory, disk, and process information and prints JSON. Be aware that the process view can reveal running applications and local usernames, and that psutil is an external Python dependency.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked, the skill can show what programs are running and which local user owns them.
The process-list action reads local process metadata, including process names and usernames. This is consistent with the system-monitoring purpose, but it can reveal local activity.
for p in psutil.process_iter(['pid', 'name', 'username', 'cpu_percent', 'memory_percent']):
Use the processes action only when you are comfortable sharing local process information with the agent session.
Installing or running the skill may require fetching psutil from the Python package ecosystem.
The skill depends on the external psutil Python package. This dependency is disclosed and central to the stated purpose, but it is not version-pinned in the artifact.
"requires": { "bins": ["python3"], "pip": ["psutil"] }In controlled environments, install psutil from a trusted package source or pin an approved version.