Document Spell Check
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The spell checker is purpose-aligned, but it can automatically install a system package and it overstates backup/rollback protections before rewriting files.
Install only if you are comfortable reviewing the script first. Ensure aspell is installed manually, run spell checks in dry-run mode before applying fixes, and keep files under version control because the advertised backup and rollback protections are not implemented.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill could unexpectedly change the user's local system by installing software before performing the spell check.
The script automatically invokes a package manager when aspell is missing, including a privileged sudo apt-get install path, despite the registry declaring no required binaries and no install spec.
if ! command -v aspell &> /dev/null; then ... brew install aspell ... sudo apt-get install aspell
Do not auto-install dependencies during normal execution; declare aspell as a required binary or prompt the user clearly before any package-manager command.
Users may rely on promised recovery protections that are not actually present, increasing the chance of losing or unintentionally changing documentation content.
The advertised safety guarantees are not supported by the provided script, which overwrites files with mv and does not create backups, git commits, or rollback metadata.
Safety Measures
- Backup creation: Automatic file backups before fixing
- Atomic operations: Changes applied as single git commits
- Rollback support: Easy revert of applied fixes
Either implement the stated backup, atomic commit, and rollback behavior or remove those claims and make dry-run or version-control review the recommended default.
A broad target such as a documentation directory can result in many local files being changed.
Fix mode directly rewrites matching documentation files under the user-supplied target. This is aligned with the stated purpose, but it is still a file-mutation capability users should review carefully.
elif [[ "$MODE" == "fix" ]]; then
fix_file "$file"
...
mv "$temp_file" "$file"
Run with --dry-run first and use version control or backups before applying fixes across a directory.
