Talos Pro
PassAudited by ClawScan on May 10, 2026.
Overview
The visible artifacts look like a purpose-aligned social media calendar generator, with only expected setup and license-key handling notes.
This appears safe to use for local content-calendar generation, but install the dependency in a virtual environment if possible and avoid exposing your license key in shared terminals, logs, or prompts. The review is limited to the visible, truncated SKILL.md content provided.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing this dependency could change the user's Python environment and relies on the package source being trustworthy.
The skill asks the user to install an unpinned package from the Python package ecosystem and to bypass system package protections. This is a setup/supply-chain consideration, although it is disclosed and purpose-aligned for rich console output.
pip3 install rich --break-system-packages --quiet
Prefer installing in a virtual environment and pinning the dependency version where possible.
The user must provide a license key, but the visible implementation does not appear to send it elsewhere.
The skill handles a license key from the environment. The visible code checks it locally against hard-coded SHA-256 hashes and does not show logging or network transmission.
LICENSE_KEY = os.environ.get("LICENSE_KEY", "").strip()Use a dedicated license key, keep it out of shared logs or prompts, and verify the key source before use.