Truth Check
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is an instruction-only fact-checking skill with no code, install step, credentials, or persistence; the main thing to notice is that it encourages running generated code to verify it.
This skill appears safe to install as an instruction-only quality check. Be aware that its code-verification advice should be applied carefully: run generated code only in a safe sandbox and avoid executing examples with side effects unless you explicitly approve them.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent has a code execution tool, it may try to run generated examples to verify them, which could affect files, network, or local state depending on the code.
The skill tells the agent to run generated code as part of verification. That is aligned with checking code examples, but code execution can have side effects if not sandboxed.
3. **Code testing**: Run generated code first to verify it
Only allow code tests in a constrained sandbox, and ask for user approval before running code that can modify files, access the network, install packages, or use credentials.
