v1.0.0

Willhaben CLI

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 4:50 AM.

Analysis

This is a read-only marketplace search CLI skill with a normal third-party install step; users should trust the whcli package source before installing.

GuidanceThis skill appears benign and read-only. Before installing, make sure you trust the external whcli package source, because the executable code comes from the referenced Homebrew tap or GitHub repository rather than from the provided skill artifact.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

SKILL.md

brew install pasogott/tap/whcli ... git clone https://github.com/pasogott/whcli.git && cd whcli && uv sync

The skill depends on installing and running an external CLI from a Homebrew tap or GitHub repository; this is purpose-aligned, but users are trusting code outside the provided instruction-only artifact.

User impactInstalling the skill may install and run third-party CLI code on the user's machine.

RecommendationInstall only if you trust the whcli repository and Homebrew tap, and review the package source or formula if your environment is sensitive.