Catalog
PassAudited by ClawScan on May 1, 2026.
Overview
This is a simple catalog skill that runs a small included Node.js file to return fixed service prices, with no evidence of hidden data access or external communication.
This appears safe for a simple price-catalog use case. The main thing to notice is that it runs a local Node.js file, but the provided file only prints two hardcoded services and prices.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
When asked about services or prices, the agent may run the included local script to get the catalog data.
The skill explicitly instructs the agent to execute a local Node.js helper. The included helper is small and purpose-aligned, but command execution is still a capability users should notice.
Use a ferramenta de execução de comandos (Exec Tool) para rodar:
node {baseDir}/catalog.jsInstall only if you are comfortable with this skill using local command execution for the catalog lookup; the provided script should remain limited to printing catalog JSON.