hdyceshiceshi
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
NoteHigh Confidence
ASI04: Agentic Supply Chain VulnerabilitiesWhat this means
The skill may fail to run through the SKILL.md entry point unless the package metadata is corrected.
Why it was flagged
SKILL.md points to scripts/generate_xmind.py, but the provided manifest includes generator.py and skill.yaml uses generator.py instead. This is a packaging or entry-point inconsistency, not evidence of malicious behavior.
Skill content
entry: type: script command: python3 scripts/generate_xmind.py
Recommendation
Confirm which entry point is intended and update SKILL.md or include the referenced script before relying on the skill.