GERMANIC
PassAudited by ClawScan on May 1, 2026.
Overview
The skill is coherent for a JSON validation/compilation CLI, with normal caution needed for installing the external binary and optional MCP server use.
This appears suitable for its stated purpose. Before installing, confirm the Germanic Homebrew tap or cargo package is the one you intend to trust, run commands only in the intended workspace, and enable MCP server mode only for trusted clients and directories.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill means trusting the external Germanic CLI package source.
The skill depends on installing and running an external CLI package. This is expected for the skill's purpose, but the executable itself is not included in the artifact set.
brew tap germanicdev/germanic && brew install germanic Alternative (from source): `cargo install germanic`
Install from the official project source, verify the package name and version, and avoid untrusted mirrors or lookalike packages.
Running commands in the wrong directory could read or create files in an unintended workspace.
The documented commands read schemas/input JSON and write generated schema or .grm files relative to the active workspace. This is purpose-aligned but affects local files.
GERMANIC operates relative to the current working directory. All paths in this document are relative to the workspace root.
Run the tool from the intended project directory and review input, schema, and output paths before compiling or initializing schemas.
If configured, an MCP client may be able to invoke Germanic tools against files available in that workspace.
The optional MCP mode exposes Germanic operations to MCP-native clients. This is disclosed and purpose-aligned, but it expands who can invoke workspace file-processing actions.
germanic serve-mcp Exposes 6 tools: `germanic_compile`, `germanic_validate`, `germanic_inspect`, `germanic_schemas`, `germanic_init`, `germanic_convert`.
Enable the MCP server only in trusted clients and trusted workspaces, and avoid pointing it at directories containing unrelated sensitive data.