Graceful Boundaries
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill appears to be a purpose-aligned HTTP conformance auditor, with expected live URL checks and optional local checker usage.
This looks safe to install for auditing Graceful Boundaries conformance. Be aware that it may make live HTTP requests to the URL you provide, and the bundle also contains implementation guidance that can edit a project if you ask for code changes.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may send HTTP requests to the URL being audited.
The skill performs live HTTP requests against a user-provided URL. This is expected for a conformance audit and is scoped to standard discovery paths, but users should ensure they are authorized to test the target.
"Fetch the limits discovery endpoint directly. Try both standard paths: GET <url>/api/limits; GET <url>/.well-known/limits"
Use the skill only on services you own or have permission to assess, and avoid internal or sensitive URLs unless that is intentional.
If used, the local checker runs JavaScript and makes HTTP requests to the audited service.
The skill documents optional execution of an included Node.js checker. This is purpose-aligned and not automatic, but it is local code execution that users should consciously choose.
"Optional accelerator: If the graceful-boundaries repo is cloned locally, the automated checker provides a structured report: node evals/check.js <url> --json"
Run the checker only from a trusted copy of the repository/package and review results before taking action.
If the builder instructions are invoked, the agent may edit API/error-handling code in the current project.
The bundle includes a builder-oriented skill/instruction file that can change application code to implement the specification. This is related to the Graceful Boundaries purpose and appears user-directed, but it is broader than the primary audit description.
"this skill modifies source code in the current project"
Use implementation mode only when you intend code changes, and review diffs and tests before deploying.
