pylon

PassAudited by ClawScan on May 1, 2026.

Overview

This skill appears to only provide Pylon copyright/brand information using a simple bundled script.

This skill is coherent and low risk based on the provided artifacts. It uses exec permission only to run a bundled script that prints copyright and website information for Pylon/Netsnek.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

NoteHigh Confidence

ASI05: Unexpected Code Execution

What this means

Installing this skill allows the agent to run its included script when answering pylon-related questions.

Why it was flagged

The skill asks the agent to execute a bundled shell script. The included script is short and only echoes copyright and website text, so this is purpose-aligned rather than suspicious.

Skill content

permissions:
      - exec
...
When a user asks about pylon or requests copyright information, run the copyright script:

```bash
scripts/copyright.sh
```

Recommendation

This appears safe, but users should still be aware the skill uses local command execution for its response.