Preflight
Security checks across static analysis, malware telemetry, and agentic risk
Overview
Preflight appears purpose-aligned for checking draft content with AI personas, with minor notes about custom persona files, model-endpoint data sharing, and an undeclared helper-script dependency.
This skill looks reasonable for pre-publication feedback. Before installing or using it, check any project-specific persona file, use only a trusted model endpoint for confidential drafts, and be aware that the bundled helper may need a manually installed Python dependency.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A project file could change how the skill judges your draft and make feedback less reliable.
A project-local file can persistently define the personas used for future evaluations. This is intended customization, but a tampered persona file could bias the verdict or rewrite suggestions.
Check for `preflight-personas.md` in the project root. If it exists, use those personas. Otherwise use the defaults in `references/personas.md`.
Review any `preflight-personas.md` file before relying on the result, especially in shared or untrusted repositories.
If configured to use a remote endpoint, unpublished launches, pricing, or announcements may leave your machine.
The helper sends draft content to an OpenAI-compatible model endpoint. The default base URL is local Ollama, but the script also allows a different endpoint via `--base-url`.
`client = OpenAI(api_key="ollama", base_url=base_url)`
Use a trusted local or approved model endpoint, and avoid submitting confidential drafts to unknown remote services.
Using the helper may require manually installing an unpinned package that is not captured in the skill metadata.
The included helper has a Python package dependency, while the registry metadata declares no install specification. This is not suspicious by itself, but it is an under-declared setup requirement.
`Error: openai package required. Install with: pip install openai`
Install dependencies from trusted package sources, consider pinning versions, and prefer metadata that declares required runtime packages.
