code-score

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill claims to score Go code, but its Markdown instruction files are unreadable binary/control-character data, so its real behavior cannot be verified.

This may simply be a corrupted upload, but because the instruction files are not readable, you cannot verify what the skill tells your agent to do. Wait for a corrected, readable version before installing.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI04: Agentic Supply Chain Vulnerabilities
Medium
What this means

A user or agent cannot confirm what instructions the skill will actually provide, making the package unsuitable to trust as an instruction-only skill.

Why it was flagged

The primary instruction artifact is named SKILL.md but contains non-readable binary/control-character data rather than auditable Markdown instructions.

Skill content
"content": "�}\u001c<l\u0000\u0010\u0000Vst�\u0000��\"KU�..."
Recommendation

Do not install until the publisher provides readable, plain-text SKILL.md, README.md, and config.md files that match the declared Go code scoring purpose.

ASI09: Human-Agent Trust Exploitation
Low
What this means

Users may rely on the registry description even though the packaged documentation does not provide reviewable evidence of the stated behavior.

Why it was flagged

The registry description presents a normal Go code quality skill, but the README content is unreadable and does not substantiate that description.

Skill content
"content": "�}\u001c�l\u0000\u0010\u0000��!7�HG\u001a��..."
Recommendation

Treat the listing description as unverified and require a readable package before trusting or invoking the skill.