FTM Copilot

Security checks across static analysis, malware telemetry, and agentic risk

Overview

FTM Copilot is a coherent instruction-only IBM FTM reference skill; it includes user-directed infrastructure command examples but no code, credentials, persistence, or hidden data flows.

This skill appears safe as an instruction-only FTM reference assistant. Before using any generated or copied deployment, database, MQ, Docker, or broker commands, verify the target system and get appropriate approval, especially for production financial environments.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If a user copies these examples into a real FTM environment without review, they could deploy artifacts, import database configuration, or start/stop middleware components.

Why it was flagged

These are administrative deployment and operations commands that could change ACE/DB2/MQ environments if run, but they are presented as user-directed reference examples for the stated FTM development purpose and are not automatically executed by the skill.

Skill content

mqsideploy -i <host> -p <port> -e <exec_group> -a MyApp.bar ... Deploy: `db2 -tvf <script>.sql` ... mqsistart <broker_name> / mqsistop <broker_name>

Recommendation

Treat the commands as examples only; review BAR files and SQL scripts, confirm the target environment, use change controls/backups, and avoid running them in production without approval.