PromptVault Team Prompt Library
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a local prompt-library tool, but it stores and shares prompt contents in plain files, so imported prompts and secrets need care.
Use this as a local prompt organizer only with prompts you are comfortable storing in plain files. Keep the vault in a protected folder, avoid secrets or personal data, review imported team prompts before using them, and back up before merge or replace imports.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A prompt saved or imported into the vault could later be copied into an AI session and influence behavior, or expose sensitive information if the vault is shared.
The vault stores reusable prompt instructions and notes without filtering, so imported or shared prompt content may contain sensitive data or instructions that should not be blindly trusted.
Prompts stored as-is — No content filtering; Could contain sensitive data — Your responsibility to review; No PII detection
Review imported prompts before use, avoid storing secrets or personal data, and treat retrieved prompt text as untrusted content unless you authored or verified it.
Using replace or merge with an untrusted export could change prompts your team relies on.
The import workflow can replace or merge existing prompt records from an import file. This is purpose-aligned and user-directed, but an untrusted import can overwrite local prompt content.
elif merge_strategy == 'replace':
    vault['prompts'][existing_ids[prompt_id]] = prompt
Back up vaults before imports, prefer the default skip strategy for untrusted files, and review diffs before accepting replacements.
You may have less assurance about who maintains the scripts or where updates come from.
The skill includes runnable Python files but has limited provenance metadata and no install specification. The code shown is coherent and no dependency download is evidenced, but users have less source context.
Source: unknown; Homepage: none; Install specifications: No install spec — this is an instruction-only skill; Code file presence: 3 code file(s)
Inspect the included scripts before running them and verify the publisher/source through your normal trust process.
