v1.0.0

FTM Copilot

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:14 AM.

Analysis

FTM Copilot is a coherent instruction-only IBM FTM reference skill; it includes user-directed infrastructure command examples but no code, credentials, persistence, or hidden data flows.

GuidanceThis skill appears safe as an instruction-only FTM reference assistant. Before using any generated or copied deployment, database, MQ, Docker, or broker commands, verify the target system and get appropriate approval, especially for production financial environments.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityLowConfidenceHighStatusNote

references/development.md

mqsideploy -i <host> -p <port> -e <exec_group> -a MyApp.bar ... Deploy: `db2 -tvf <script>.sql` ... mqsistart <broker_name> / mqsistop <broker_name>

These are administrative deployment and operations commands that could change ACE/DB2/MQ environments if run, but they are presented as user-directed reference examples for the stated FTM development purpose and are not automatically executed by the skill.

User impactIf a user copies these examples into a real FTM environment without review, they could deploy artifacts, import database configuration, or start/stop middleware components.

RecommendationTreat the commands as examples only; review BAR files and SQL scripts, confirm the target environment, use change controls/backups, and avoid running them in production without approval.