winforms-to-qt-mapper

This package appears to implement a legitimate WinForms→Qt migration toolkit, but there are notable red flags you should address before running it on sensitive code: 1) Verify filenames and runtime commands: SKILL.md refers to scripts that are missing or named differently in the repo. Confirm which scripts exist and test them on a small sample project first to avoid surprises. 2) Review scripts for network/exec usage: Search all JS files for child_process.exec/execSync/spawn, axios/fetch/ws/express usage, and any hardcoded URLs or remote endpoints. If scripts attempt network calls, inspect what is sent and to where. 3) Inspect dependencies: The dependency list includes heavy ML libraries and several webserver packages. If you npm install, these will be fetched — consider auditing or installing in an isolated environment (container or VM). If you do not need the web/ML features, consider trimming or forking the repo. 4) Run in a sandbox: Execute the tools on non-sensitive sample projects first (or inside a disposable container) to validate behavior, output locations, and that no unexpected outbound traffic occurs. 5) Check build/runtime mismatches: Some referenced tooling (Roslyn/.NET analysis) may require .NET tooling rather than pure Node; confirm prerequisites and ensure you have the correct environment before running. 6) Confirm licensing and provenance: The source/origin is listed as unknown; verify the repository origin and maintainers, and review CHANGELOG/README claims (e.g., '100% zero compile errors') skeptically and validate with your own build tests. If you want, I can (a) search the provided files for network or exec usage and summarize exact lines that matter, or (b) list missing script names and where SKILL.md and package.json diverge so you can fix or test safely.

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.