Spacex
ReviewAudited by ClawScan on May 10, 2026.
Overview
Prompt-injection indicators were detected in the submitted artifacts (unicode-control-chars); human review is required before treating this skill as clean.
This appears safe for public SpaceX lookups, but before installing, verify the external GitHub repository or executable because the submitted package only contains documentation and not the actual CLI script. ClawScan detected prompt-injection indicators (unicode-control-chars), so this skill requires review even though the model response was benign.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may run a local `spacex` command to retrieve public SpaceX information.
The skill tells the agent to execute a local CLI command. That is expected for this CLI lookup purpose and appears limited to SpaceX queries.
**When user asks about SpaceX:** 1. Run `./spacex launches` for upcoming launches
Keep use limited to SpaceX lookups and make sure the `spacex` executable being run is the intended one.
The actual code that runs may come from an external GitHub repository not included in the submitted artifacts.
The reviewed artifact set has no install spec and no included executable script, so following the README would fetch implementation code from an external repository outside this review.
git clone https://github.com/jeffaf/spacex-skill.git spacex
Inspect and trust the external repository before installing or running it, and prefer a reviewed/pinned release if available.