FAQ Forge

Security checks across static analysis, malware telemetry, and agentic risk

Overview

FAQ Forge is a local FAQ-building tool with no evident credential or network behavior, but users should review imported content and generated HTML before publishing it publicly.

This appears safe for local FAQ authoring and static documentation generation. Before installing or using it, make sure you are comfortable with local files such as faq_data.json and backups being created, and carefully review any imported documentation and generated HTML before publishing it to customers.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If you import untrusted or messy documentation and publish the generated HTML, unsafe markup could appear on your FAQ page.

Why it was flagged

The HTML publisher directly interpolates stored FAQ content into generated customer-facing HTML. This is expected for a static FAQ generator, but it means imported or untrusted FAQ text could carry unsafe HTML/script content into a public page if the user publishes it without review.

Skill content

html += f'                        <span>{entry.question}</span>\n'

Recommendation

Use trusted source content, review generated HTML before uploading it publicly, and consider escaping or sanitizing FAQ fields if importing content from others.

What this means

Any private information accidentally imported into the FAQ database may remain in local files and could be included in later exports or published pages.

Why it was flagged

The skill intentionally keeps FAQ content in a persistent local JSON database. This is purpose-aligned, but imported content can persist and later be reused or published.

Skill content

All FAQs stored in one JSON file (`faq_data.json`).

Recommendation

Import from a dedicated documentation folder, review faq_data.json before publishing, and remove any sensitive entries or backups you do not want retained.