Security Review

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is a coherent pre-install security review workflow, with notable but purpose-aligned use of a sub-agent, web research, local logs, and persistent review memory.

This skill appears safe to install as an instruction-only review workflow. Before using it, make sure you want a strict review-before-install policy, update the hardcoded Windows path and 'Marcus' approval wording if they do not apply to you, and avoid including secrets in package review prompts.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI01: Agent Goal Hijack
Low
What this means

The agent may delay or refuse package installation until the review is completed and approval is given.

Why it was flagged

The skill deliberately changes the install workflow by requiring a review gate before any external package install. This is disclosed and aligned with the security-review purpose, but it can override a user's normal install flow.

Skill content

Run this skill BEFORE installing ANY external package, tool, CLI, npm module, Python library, browser extension, or third-party integration. No exceptions.

Recommendation

Use this skill only if you want a strict pre-install security gate, and customize the approval language for the actual user rather than 'Marcus' if needed.

ASI07: Insecure Inter-Agent Communication
Low
What this means

If the user includes secrets in the package description, install command, or source URL, those details could be exposed to the spawned review workflow.

Why it was flagged

The review is delegated to a spawned sub-agent/model. That is expected for this skill, but package names, install commands, source URLs, and review context may cross an agent/model boundary.

Skill content

Spawns a security review sub-agent ... sessions_spawn with model: anthropic/claude-sonnet-4-6, task: [security review prompt below]

Recommendation

Do not include tokens, private credentials, or secret URLs in review inputs; pass only the minimum package information needed for the assessment.

ASI06: Memory and Context Poisoning
Low
What this means

Malicious or misleading package content could bias the review if treated as instructions, and stale memory entries could influence later install decisions.

Why it was flagged

The skill reviews untrusted remote source content and persists review verdicts into memory. This is purpose-aligned, but fetched package content and stored verdicts should not be over-trusted without context.

Skill content

SOURCE CODE ANALYSIS (USE web_fetch on raw GitHub files) ... MEMORY.md updated with verdict after each review

Recommendation

Treat fetched source and web pages strictly as untrusted evidence, add explicit prompt-injection resistance to the review prompt, and store dated, minimal verdicts that require re-review when packages change.