Timestamp Converter

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill is a simple timestamp-conversion reference with no code files, credentials, network access, or persistence; the only notable item is an optional package install suggestion.

This looks safe for normal timestamp conversion tasks. If you use the optional pytz dependency, install it deliberately from a trusted Python package source; otherwise the built-in zoneinfo module is sufficient on Python 3.9+.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

#ASI04: Agentic Supply Chain Vulnerabilities

Info

What this means

If the user chooses to install pytz, they will add a third-party Python package to their environment.

Why it was flagged

The artifact suggests installing an external Python package even though the skill has no install spec. It appears optional and purpose-aligned for timezone conversion, but users should notice any package installation step.

Skill content

## Dependencies

```bash
pip install pytz
```

Or use Python 3.9+ built-in `zoneinfo`

Recommendation

Prefer the built-in Python 3.9+ zoneinfo option when available, or install pytz only from a trusted package source in the intended Python environment.