Python Script Generator
Security checks across malware telemetry and agentic risk
Overview
This appears to be a simple Python template generator with only purpose-aligned local file generation and no evidence of credential access, exfiltration, persistence, or hidden behavior.
This skill looks safe for its stated purpose, but use it in a clean project folder because it writes generated files locally and may overwrite an existing file with the same name.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used carelessly, it may replace an existing local file with generated template code.
The helper writes a generated Python file using a user-supplied name and makes it executable. This is expected for a script generator, but it can overwrite a same-named file in the working directory.
cat > "$NAME.py" << 'PY' ... chmod +x "$NAME.py"
Run it in a dedicated project directory and choose output names carefully.
The skill may not install or run exactly as the examples imply.
The documentation references a command, while the registry states there is no install spec and the package includes a shell file. This is a packaging clarity issue, not evidence of malicious behavior.
python-script-generator my --type cli
Check how the command is exposed before relying on it, and review the included shell file if invoking it manually.