quenitybase44
Security checks across static analysis, malware telemetry, and agentic risk
Overview
Prompt-injection indicators were detected in the submitted artifacts (unicode-control-chars); human review is required before treating this skill as clean.
From a security standpoint this looks safe to install as an asset bundle: it has no executable code or declared access to your accounts or files. The main thing to check is whether you actually want the included promotional social-media content and AI-generated/watermarked images. ClawScan detected prompt-injection indicators (unicode-control-chars), so this skill requires review even though the model response was benign.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user might install it without realizing it is mainly a set of promotional post drafts and images.
The primary skill documentation does not explain that the bundle contains promotional social-media assets, so users must inspect the files to understand the skill's actual content.
# quenitybase44 quenitybase44
Review the bundled copy and images for accuracy, tone, and brand fit before using or posting them; do not grant any separate social-media posting capability unless you intentionally want that.