Shadows Oneshot Fix

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This instruction-only skill is a narrowly scoped quick-fix workflow that edits a target file and may run local verification commands, with the main risks clearly disclosed.

This looks safe for its stated purpose, but it can modify a source file and may run local build or test commands. Use it for small, clearly located fixes, review the diff afterward, and avoid running verification on untrusted repositories unless sandboxed.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

When invoked, the skill can change code in the repository, so an incorrect target or diagnosis could still produce an unwanted edit.

Why it was flagged

The skill authorizes file modification, but the instruction is limited to an existing target file and minimal bug-fix changes.

Skill content

Apply the fix using Edit tool. Change ONLY the broken part.

Recommendation

Use it only for clearly scoped fixes and review the resulting diff before relying on the change.

What this means

Running tests or project tooling in an untrusted repository could execute code on the user's machine.

Why it was flagged

The skill may run local verification commands; this is disclosed and purpose-aligned, but it can execute repository code.

Skill content

Commands executed: Optional compile check (`python -m py_compile`, `npx tsc --noEmit`) or test run (`pytest`, `jest`, `vitest`) in the verification step. These execute local code in the repository.

Recommendation

Run the skill in trusted repositories, or skip/sandbox verification for untrusted code as the skill itself advises.