Golden Master

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This instruction-only skill is coherent with its stated purpose and mainly asks the agent to read repository files and generate user-approved freshness metadata.

This looks safe for tracking documentation freshness in a repository. Before using it, choose the files or directories deliberately, avoid scanning secrets or unrelated private documents, and review any generated metadata changes before committing them.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

64/64 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI06: Memory and Context Poisoning
Low

What this means

If you point the skill at private or sensitive files, their contents may be processed by your configured AI provider.

Why it was flagged

The skill discloses that repository file contents may be placed into the agent/model context during analysis, which is expected for this purpose but still relevant for sensitive files.

Skill content

All file analysis uses your agent's configured model ... If your agent uses a cloud-hosted LLM (Claude, GPT, etc.), data is processed by that service as part of normal agent operation.

Recommendation

Use it on intended project/documentation files only, and avoid including secrets, credentials, or unrelated private documents in the scanned paths.

ASI02: Tool Misuse and Exploitation
Info

What this means

If you ask it to establish or refresh tracking, it may generate or apply metadata changes to repository files.

Why it was flagged

The skill may support file metadata updates, but it explicitly requires user direction before modifying files.

Skill content

Boundaries: Identify relationships and staleness, never auto-modify files without explicit request

Recommendation

Review any proposed file diffs before committing, especially in shared repositories.