Scripting Utils

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used carelessly, the skill could help run commands that install packages or affect services/networking on a machine.

Why it was flagged

The skill documents package/system-management actions. This is disclosed and purpose-aligned, but such actions can change the host system if executed rather than only displayed.

Skill content

python scripts/system_manager.py --action install --package nginx --os ubuntu

Recommendation

Only run system-management helpers after confirming what command will execute, and prefer dry-run or command-preview behavior where available.

What this means

JSON/WebSearch functionality may rely on another local package whose behavior is not shown here.

Why it was flagged

The package references a local dependency outside the provided skill manifest. That may be legitimate, but it means some functionality could depend on code not reviewed in these artifacts.

Skill content

"dependencies": [
  "../json-utils"
]

Recommendation

Verify the ../json-utils package source before installing or running features that depend on it.

What this means

Search terms, API names, or related context may be sent to external documentation/search providers.

Why it was flagged

The skill discloses external documentation/WebSearch access. This is aligned with the purpose, but users should be aware that search queries or API-documentation requests may leave the local environment.

Skill content

All modules support automatic documentation lookup ... Auto-fetches syntax from Microsoft docs if needed

Recommendation

Avoid using automatic lookup with proprietary code, private API details, or sensitive query text unless you are comfortable sending that context externally.