Software Installation Assistant

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the user chooses the auto-install route, code from get.x-cmd.com runs on their machine and could affect their user environment if the source or network path is compromised.

Why it was flagged

The guide documents a curl-to-shell installer from an external source, which is a supply-chain/code-execution exposure. It is purpose-aligned and clearly warned about, with safer alternatives and consent guidance.

Skill content

**⚠️ WARNING:** This executes remote code without manual review.

```bash
curl -fsSL https://get.x-cmd.com | sh
```

... **Only proceed with auto-install if user explicitly consents**

Recommendation

Prefer the Homebrew or download-review-execute method, and only use the auto-install command in disposable or low-sensitivity environments after explicit approval.