Startup Toolkit
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill appears low-risk and only creates local project folders, but its description overstates features that are not present in the included files.
This looks safe to inspect and low-risk to run, but it is only a basic folder scaffold. Treat the advertised startup features as unimplemented until you verify or build them yourself.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You may expect more functionality than this skill actually provides.
The description claims a complete startup toolkit, but the supplied artifacts only include a simple directory-creation script. Users should not assume production-ready auth, payments, analytics, or deployment code exists.
Everything you need to launch your startup. ... Authentication ... Payments ... Analytics ... Docker deployment ... CI/CD pipeline
Inspect the generated project and do not rely on it for authentication, payments, analytics, or deployment until you add and review those implementations.
Running the script will create folders in or relative to the current working directory.
The included shell script creates local directories using the provided project name. This is expected for a scaffolding tool, but it is still local filesystem mutation.
mkdir -p $NAME/{frontend,backend,database,docker}Run it from the directory where you want the project created and use a simple project name without spaces, shell metacharacters, or path traversal.