Scripting Utils
PassAudited by ClawScan on May 10, 2026.
Overview
This appears to be a development helper skill, but users should review its system-management examples, web search use, and local dependency before running it.
This skill looks broadly consistent with its development-utility purpose. Before installing or using it, verify any local ../json-utils dependency, preview system-management commands before running them, and avoid sending sensitive project or API details through automatic WebSearch lookups.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used carelessly, the skill could help run commands that install packages or affect services/networking on a machine.
The skill documents package/system-management actions. This is disclosed and purpose-aligned, but such actions can change the host system if executed rather than only displayed.
python scripts/system_manager.py --action install --package nginx --os ubuntu
Only run system-management helpers after confirming what command will execute, and prefer dry-run or command-preview behavior where available.
JSON/WebSearch functionality may rely on another local package whose behavior is not shown here.
The package references a local dependency outside the provided skill manifest. That may be legitimate, but it means some functionality could depend on code not reviewed in these artifacts.
"dependencies": [
"../json-utils"
]Verify the ../json-utils package source before installing or running features that depend on it.
Search terms, API names, or related context may be sent to external documentation/search providers.
The skill discloses external documentation/WebSearch access. This is aligned with the purpose, but users should be aware that search queries or API-documentation requests may leave the local environment.
All modules support automatic documentation lookup ... Auto-fetches syntax from Microsoft docs if needed
Avoid using automatic lookup with proprietary code, private API details, or sensitive query text unless you are comfortable sending that context externally.