SkillLens Audit

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running an unverified CLI package can execute code in the user's local environment.

Why it was flagged

The skill relies on an external package installed or run at use time, and the command does not pin a version. This is central to the skill's purpose, but users should verify the package provenance before running it.

Skill content

- One-off run: `npx skilllens scan` (or `pnpm dlx skilllens scan`)
- Global install: `pnpm add -g skilllens`

Recommendation

Verify the SkillLens package source and version before use, prefer a pinned/trusted install path, and avoid global installation unless needed.

What this means

Local skill files or scan results may be processed by the selected auditor CLI, depending on how SkillLens implements that option.

Why it was flagged

The workflow supports handing audit work to Claude or Codex auditor CLIs. This is purpose-aligned, but the artifact does not describe the data boundaries for those optional auditor tools.

Skill content

Run `skilllens scan [path] [--auditor claude|codex]`.

Recommendation

Use a specific scan path and select external auditors only when you are comfortable with their data handling and account context.