L4 Skill Forge
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent skill-building assistant with optional local helper scripts; review the publisher and run the scripts only in intended project folders.
This skill appears safe for its stated purpose. Before installing, verify the publisher; before running its Node scripts, review them and run them only in a workspace you intend to modify. Treat the scoring script as a helpful checklist aid, not as a guarantee that a generated skill is secure or production-ready.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You are trusting a skill package from an unclear source, although the included code shown here is simple and purpose-aligned.
The package has limited provenance information even though it includes executable helper scripts.
Source: unknown; Homepage: none
Verify the registry publisher/source before installing, especially before running the included scripts.
Running the helper will create persistent files in the selected workspace.
The scaffold helper creates directories and writes files under the user-supplied target path; this is expected for a skill-generation tool but still changes the local filesystem.
ensureDir(root); ... writeFileSync(join(root, 'SKILL.md'), skillMd);
Run the Node helpers only after review, from a trusted checkout, and in a non-privileged project directory you intend to modify.
A generated score could be over-trusted if treated as proof that a skill is safe or production-ready.
The score script can label a skill as production-level based partly on file presence and keyword checks, not a complete behavioral or security assessment.
const hasSafety = /安全|risk|approval|确认/i.test(content); ... result.score >= 90 ? 'L4-Production'
Use the score as a rough structural check only; also run the documented eval cases, release checklist, and manual security review before publishing.