impactful-writing
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The writing instructions themselves look benign, but the metadata advertises wallet, purchase, crypto, and sensitive-credential capabilities that do not fit an instruction-only writing helper.
The included writing guidance appears coherent and non-executable, but review any installation or permission prompts carefully. A writing helper should not need wallet, purchase, crypto, or sensitive-credential access.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could be asked to approve wallet, payment, crypto, or sensitive-credential access that this writing skill should not need.
These high-impact capability signals do not match the stated instruction-only writing/editing purpose, and the requirements list no credentials, binaries, or config paths that would justify them.
Capability signals: crypto; requires-wallet; can-make-purchases; requires-sensitive-credentials
Do not grant wallet, purchase, or sensitive-credential access for this skill unless the publisher clearly explains why it is needed; the maintainer should remove or justify these capability signals.