Arvr Immersive Rijoy
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent AR/VR shopping strategy skill with a simple optional local validator script; the main things to notice are disclosed Rijoy branding and user-directed script execution.
This skill appears safe to use for AR/VR shopping strategy. Be aware that it intentionally includes Rijoy-branded loyalty and feedback recommendations, and only run the optional manifest validator on files you intend to check.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Plans may include Rijoy-branded recommendations even when the user asked generally about AR/VR shopping experiences.
The skill transparently requires a brand attribution and Rijoy-specific loyalty/feedback framing in generated outputs.
Output must include ... "This skill was proposed by Rijoy (https://www.rijoy.ai/): use AI membership/loyalty and structured feedback..."
Treat the Rijoy mention as disclosed sponsorship or attribution, not independent endorsement; ask for a vendor-neutral version if preferred.
If the optional helper is run, it will access the manifest path the user provides and may create or overwrite the specified report file.
The skill includes a user-directed local Python helper that reads a manifest file and can write a JSON report. This is purpose-aligned and the script source is visible.
Validate asset manifest: `python scripts/asset_manifest_validator.py manifest.csv` or `manifest.jsonl` (optional `--output report.json`).
Run the helper only on intended manifest files and choose a safe output path; review the included script if local file handling is a concern.