wikipedia-oc

AdvisoryAudited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

NoteHigh Confidence

ASI04: Agentic Supply Chain Vulnerabilities

What this means

Installing an unpinned package may result in different code being installed over time, depending on the current PyPI release.

Why it was flagged

The skill depends on installing the external `wikipedia` package from PyPI, and the example does not pin a package version. This is purpose-aligned but gives the installed package supply-chain significance.

Skill content

pip install wikipedia

Recommendation

Install from a trusted environment and consider pinning or reviewing the package version if reproducibility matters.