Agent Scorecard
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This looks like a local, user-directed scoring and reporting tool for AI-agent outputs, with the main thing to notice being that it stores evaluation history locally.
This skill appears reasonable for local quality scoring. Before installing or using it, decide where history and reports should be saved, keep those files private if evaluated outputs are sensitive, and treat any imported history files as trusted inputs because they affect trend and comparison results.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your evaluation history, agent names, task types, scores, and generated reports may remain on disk after use.
The skill intentionally stores evaluation history locally so it can compute trends and reports. This is disclosed and aligned with the purpose, but persisted history can retain quality metadata and can skew future trend reports if edited or mixed with untrusted records.
- Append every evaluation to a JSONL history file ... **DATA DISCLAIMER:** This software processes and stores data locally on your system.
Store history and reports in a trusted local directory, avoid feeding highly sensitive outputs unless local retention is acceptable, and do not merge untrusted history files into your quality records.