Confmt

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill coherently formats and diffs user-provided config files. The main caution is that output from .env and other config files may reveal secrets if the user chooses sensitive files.

This appears safe for formatting and comparing config files. Before installing or using it, remember that it prints config values directly, so do not run it on secret-bearing .env or production configuration files unless you are comfortable with those values appearing in the output.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If a user asks the skill to format, convert, or diff a .env or config file containing secrets, those values may be printed in the output.

Why it was flagged

The skill explicitly supports .env files, which commonly store credentials or tokens; this is purpose-aligned but sensitive if users process real secret-bearing files.

Skill content

Supports JSON, TOML (Python 3.11+), and .env formats.

Recommendation

Use it only on intended files, redact secrets before sharing outputs, and avoid diffing production secret files in shared chats.