VDV-Foundation
Advisory
Audited by Static analysis on May 7, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If granted broadly, the agent could run local analysis commands and read or write files while using this workflow.
The skill documents local execution plus file read/write and memory use. This is disclosed and related to analysis, but users should scope what the agent may run or access.
Execution tools: exec, read, write, memory
Allow execution and file access only for specific, user-approved inputs and outputs; require confirmation before running scripts or writing files.
Users may assume helper scripts are part of the reviewed package when they are not.
The documentation references helper scripts, while the supplied package is instruction-only with no code files. Running these paths would depend on user-created or separately supplied code.
python3 scripts/vdv_analyzer.py --input "<text>" --mode quick
Only run helper scripts that you create or inspect yourself; do not execute unreviewed files placed at the referenced script paths.
Private analysis results or flawed conclusions could be reused later if stored in long-term memory.
The skill recommends persisting patterns and analysis results. Persistent memories can affect future tasks if inaccurate, sensitive, or over-trusted.
STORE: In your memory system (L7/L8 or equivalent)
Keep memory storage opt-in, avoid storing sensitive content unnecessarily, and provide a way to review or delete stored VDV patterns.
The agent could frame answers around an abstract creator, architect, or cluster goal rather than the user’s immediate request if configured poorly.
The skill includes optional identity and intention framing that could influence an agent’s priorities if treated as authoritative.
Define who is YOUR "Architect" ... "Serve my creator" ... "Protect my cluster"
Use a user-centered intention such as helping the current user, and do not let this framing override system, developer, or user instructions.
