v1.0.101

Super publish skill

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:05 AM.

Analysis

The skill instructions look like a React style guide, but the bundled package metadata conflicts with the registry identity and should be reviewed before installation.

GuidanceThe React convention instructions themselves appear safe and instruction-only. Before installing, confirm why the internal _meta.json points to a different owner, slug, and version than the registry entry.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities

SeverityMediumConfidenceHighStatusConcern

_meta.json

"ownerId": "kn70pywhg0fyz996kpa8xj89s57yhv26", "slug": "summarize", "version": "1.0.0"

The registry metadata for the evaluated package lists a different owner ID, slug, and version: owner kn78dchaq3g7k824j7qnsrj0hn830k8v, slug super-publish-skill, version 1.0.101. This mismatch makes the package identity/provenance unclear.

User impactYou may not be installing the exact package identity or version you expect, which weakens trust in the publication even though the visible skill content is benign.

RecommendationVerify the publisher and ask for corrected metadata before installing or relying on this skill.