Prioritize uv

Pass. Audited by ClawScan on May 1, 2026.

Overview

This instruction-only skill transparently pushes Python work toward uv, but users should notice that it broadly changes command and package-management behavior.

This appears safe to install if you intentionally want uv to be preferred for Python work. Before approving commands, make sure uv is installed, review dependency changes, and use explicit project exceptions when pip or direct python execution is required.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Note (High Confidence)
ASI01: Agent Goal Hijack
What this means

Python commands may be rewritten to use uv even when a project normally documents another workflow.

Why it was flagged

The skill deliberately forces a command-selection policy across Python tasks. This is disclosed and matches the purpose, but it can override a user's preferred direct-python or pip workflow.

Skill content
This is a **mandatory skill** for all Python-related tasks... **NEVER** run Python commands directly... **ALWAYS** wrap them with `uv run` or `uvx`
Recommendation

Install only if you want uv to be the default Python workflow, and explicitly disable or override it for projects that require pip or direct python commands.

What this means

Dependency installation behavior may differ from pip-based project instructions.

Why it was flagged

The skill instructs the agent to substitute package-management commands. That is central to the skill, but package commands can change the user's local environment or dependency configuration.

Skill content
`pip install <package>` | `uv add <package>` ... `pip install -r requirements.txt` | `uv pip install -r requirements.txt`
Recommendation

Review package-management commands before approving them, especially in projects with strict dependency, lockfile, or CI requirements.

What this means

External Python tooling may be fetched and executed as part of routine linting, formatting, or analysis workflows.

Why it was flagged

The skill recommends uvx for external Python tools. This is expected for uv-based workflows, but uvx-style usage can run external tool packages, especially when dynamic versions such as latest are used.

Skill content
`uvx` creates a temporary, isolated environment... `uvx ruff@latest check .`
Recommendation

Prefer trusted tools and pinned versions when reproducibility or supply-chain control matters.

What this means

The registry view may not fully communicate that the skill expects uv to be available and intends broad activation for Python tasks.

Why it was flagged

The SKILL.md frontmatter declares always-on behavior and a uv binary requirement, while the supplied registry metadata says always=false and lists no required binaries. This is a metadata consistency issue, not evidence of hidden code.

Skill content
metadata:
  always: true
  ...
  requires:
    anyBins: [uv]
Recommendation

Confirm uv is installed and check the installed skill metadata if you rely on registry flags for activation or dependency expectations.