ccdb

Pass

Audited by ClawScan on May 1, 2026.

Overview

This skill is a coherent emissions-factor lookup helper, but it relies on running a pinned external npm CLI, so users should trust or verify that package.

This appears safe for its stated purpose if you are comfortable allowing the agent to run the pinned `carbonstop-ccdb` npm CLI. Before installing, consider verifying the npm package/source and avoid sending unnecessary private business details in search terms.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using the skill means trusting the referenced npm package to perform the lookup safely.

Why it was flagged

The skill depends on an npm package downloaded and executed via npx rather than code included in the artifact. The version is pinned and this is central to the stated CCDB lookup purpose, so this is a supply-chain notice rather than a concern.

Skill content

You can execute it anywhere by running `npx carbonstop-ccdb@1.0.1 <command> [options]`.

Recommendation

Use the pinned version, verify the npm package/source if needed, and run it in a sandboxed environment when possible.