Homebrew Package Manager

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent or user could unintentionally upgrade many installed packages or apps when they only meant to inspect outdated software, potentially breaking tools or changing applications.

Why it was flagged

The guide acknowledges that `brew upgrade` performs a bulk upgrade, but later recommends the same command as if it were a read-only check.

Skill content

“Without args: upgrades all outdated packages” ... “Check what's outdated: `brew upgrade` (shows what would upgrade)”

Recommendation

Replace that workflow with a read-only check such as `brew outdated`, and require explicit confirmation before running `brew upgrade`, especially without package names.