Code Weather

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This instruction-only skill appears to provide a codebase health summary without requesting credentials, installs, persistence, or destructive actions; the main thing to notice is limited source provenance.

Before installing, understand that the skill is meant to summarize repository health, so use it only in codebases you are comfortable having your agent inspect. The provided artifacts do not show hidden code, credential use, persistence, or destructive actions.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

You have less external context for who maintains the skill or where to review its history, but the provided artifacts do not show executable code or hidden setup.

Why it was flagged

The artifacts do not identify an upstream source or homepage, which gives users less provenance context. However, the skill is instruction-only with no install spec or code files, so this is a notice rather than a material concern.

Skill content
Source: unknown; Homepage: none
Recommendation

Review the SKILL.md text before use and prefer installing from sources or publishers you trust.