v1.0.0

Qa Analyst

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:12 AM.

Analysis

This appears to be a coherent QA career-roadmap API skill that asks for career assessment details, with only minor privacy and provenance notes.

GuidanceThis skill looks purpose-aligned and low risk. Before installing or using it, verify the provider if possible and avoid sending unnecessary personal, employment, or identifying information in the assessment fields.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities

SeverityInfoConfidenceHighStatusNote

metadata

Source: unknown; Homepage: none

The skill has no runnable code or install step, but the provider provenance is not clearly identified in registry metadata.

User impactUsers have less context for verifying who operates the service before sending assessment information to it.

RecommendationVerify the provider identity and trustworthiness before using the API with real user data.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication

SeverityLowConfidenceHighStatusNote

openapi.json

"/api/qa/roadmap": { "post": { "description": "Generate personalized QA analyst roadmap" ... "RoadmapRequest" ... "assessmentData", "sessionId", "userId", "timestamp"

The documented POST endpoint accepts career assessment details plus tracking identifiers. This is expected for personalization, but it is still user/profile data sent through an API boundary.

User impactCareer background, skills, goals, and identifiers may be shared with the roadmap service when the endpoint is used.

RecommendationOnly provide the information needed for the roadmap, avoid sensitive personal details, and confirm the service’s privacy practices if using real user data.