pip

Pass

Audited by ClawScan on May 1, 2026.

Overview

This is a coherent pip helper for Python dependency management, with expected package-installation risks and virtual-environment guidance.

This skill appears safe for normal pip workflows. Before installing, plan to use a project virtual environment, review requirements.txt and package names, and confirm any global/default-environment install, uninstall, or requirements.txt overwrite.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing untrusted or mistaken dependencies could run third-party code or alter the Python environment.

Why it was flagged

The helper directly invokes pip installation from a requirements file. That is expected for a pip skill, but installing Python packages can run package build/install code and change the local environment.

Skill content

pip_with_python "$python_bin" install -r "$req_file"

Recommendation

Use a project virtual environment, review requirements files and package names before installing, and avoid untrusted package sources or setup/build scripts unless explicitly approved.

What this means

A mistaken command could remove packages from the active/default Python environment rather than an isolated project venv.

Why it was flagged

The helper supports uninstalling packages without an interactive pip prompt, and when no --venv is supplied it acts on the default Python interpreter. This is purpose-aligned but can remove packages from the wrong environment if used carelessly.

Skill content

pip_with_python "$python_bin" uninstall -y "$@"

Recommendation

Prefer --venv/.venv for installs and uninstalls, and ask for explicit user confirmation before global or default-interpreter package changes.