PRISM-GEN-DEMO

Pass

Audited by ClawScan on May 1, 2026.

Overview

This appears to be a local CSV analysis/demo skill with no network or credential use; the main things to notice are user-chosen plot file writes and minor dependency metadata gaps.

This skill looks safe for exploring the bundled PRISM-Gen demo CSV files. Use it with Python 3, add matplotlib only if you need plots, and save generated images to a clearly chosen output folder so important files are not overwritten.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent or user chooses an important file path as the plot output, the skill could overwrite it with an image file.

Why it was flagged

Plot generation writes to the path supplied by the caller. This is expected for a visualization tool, but the code does not enforce a dedicated output directory or prevent overwriting an existing file.

Skill content

parser.add_argument("--output", type=str, default="plot.png", help="Output file path") ... fig.savefig(output, dpi=150)

Recommendation

Save plots to a dedicated project/output folder and avoid using paths to important existing files.

What this means

The skill may not run or may not plot unless Python 3 and, for visualizations, matplotlib are already available.

Why it was flagged

The packaged commands invoke Python scripts and SKILL.md lists Python 3.7+ plus optional matplotlib. This is a transparency/setup metadata gap, not evidence of hidden installation or malicious behavior.

Skill content

Required binaries (all must exist): none ... Install specifications: No install spec — this is an instruction-only skill.

Recommendation

Confirm Python 3 is available before use, and install matplotlib only if you need plotting.