1.2.0
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent incident-triage playbook with no evidence of hidden exfiltration or destructive behavior, though users should review its external command assumptions before using it on a real incident system.
This skill appears safe as a runbook/checklist. Before installing or using it during a real incident, confirm that any `triage` or `workflow` command it invokes is the intended local tool and review owner/timeline changes before they are applied.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the commands are run against a real incident tool, they may change who owns an incident or what is recorded in the incident timeline.
These commands could modify an incident timeline or ownership field if connected to a real triage system. That is aligned with the skill's incident-response purpose, but it is still a user-visible operational action.
`triage timeline --append "<event>"` - `triage owner --set "<oncall>"`
Confirm the target service, severity, and owner before allowing the agent to run incident-management commands.
The playbook may rely on local tools that are not installed, not reviewed, or differently configured in the user's environment.
The registry metadata declares no required binaries or install steps, while SKILL.md documents `triage` and `workflow` CLI commands. This does not show unsafe behavior, but it means the provenance and behavior of those external tools are outside the supplied skill artifacts.
Required binaries (all must exist): none Required binaries (at least one): none No install spec — this is an instruction-only skill.
Verify what `triage` and `workflow` resolve to in your environment before using the commands during an incident.
This mismatch could cause confusion about the package identity, but it does not by itself indicate harmful behavior.
The healthcheck script prints a different skill name than `incident-triage-playbook`, suggesting a minor copy/paste or provenance inconsistency. The script itself only echoes text and does not perform risky actions.
echo "ok: pipiwu-benchmark-alpha-skill 1.2.0"
Treat the mismatch as a packaging quality issue and verify the skill source if provenance matters for your environment.