Sudoku

Security checks across malware telemetry and agentic risk

Overview

The skill’s artifacts consistently implement a Sudoku fetch/render/reveal workflow, with only expected network access, workspace file storage, and manual Python dependency installation.

This appears safe for its stated Sudoku purpose. Before installing, expect it to fetch puzzle data online, save puzzle JSON and render files under the workspace’s sudoku folder, and store solutions in those JSON files for later reveal.

VirusTotal

65/65 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Info
What this means

When invoked, the skill will fetch puzzles from the internet and create local puzzle/render files in the workspace.

Why it was flagged

The code shows the skill contacts an external Sudoku source and stores puzzle data in a scoped workspace directory, which matches the stated purpose.

Skill content
PUZZLES_DIR = WORKSPACE_ROOT / "sudoku" / "puzzles" ... r = requests.get(url, timeout=30)
Recommendation

Use it only in workspaces where saving puzzle files is acceptable, and review or delete the workspace-local sudoku files before sharing the workspace.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Installing the dependencies will run code from external Python packages on the user’s machine.

Why it was flagged

The setup asks the user to install unpinned third-party Python packages; this is common and purpose-aligned for fetching and rendering, but it relies on package-index provenance.

Skill content
python3 -m pip install requests Pillow lzstring
Recommendation

Install dependencies from a trusted package index, preferably in a virtual environment, and pin versions if repeatable installs are important.