skill-expert-skills
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill appears coherent and purpose-aligned for creating and packaging AI agent skills, but it uses local file writes, helper scripts, external research, and broad packaging behavior that users should review carefully.
This looks safe to install if you want a helper for building SKILL.md packages. Before using it, be aware that it can write files, run local Python helpers, research external sources if tools are available, and package everything inside a target skill folder. Keep work in a dedicated skill directory, do not store secrets there, and review generated or packaged files before sharing or relying on them.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may create or modify files and run local validation or packaging commands for skill projects.
The skill explicitly grants broad local read, write, shell, and search capabilities. These are expected for creating, validating, and packaging skills, but they can affect local skill files if used on the wrong path.
allowed-tools: Read Write Bash Grep Glob
Use it only on intended skill directories, keep changes user-directed, and review diffs or generated files before relying on them.
Users may run local Python helpers from a package without a clear upstream homepage or source repository.
The registry provenance is limited while the artifact includes runnable helper scripts. There is no evidence of malicious code in the provided snippets, but users should notice the provenance gap before running bundled scripts.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill; Code file presence: 8 code file(s)
Inspect bundled scripts before use, prefer running them in the intended skills workspace, and verify the package publisher/source if provenance matters.
A packaged skill could accidentally contain private notes, test data, or other files that were left inside the skill folder.
The packager recursively includes all files in the target skill directory except a small exclusion list. This is expected for packaging, but unintended files placed in the skill directory could be carried into a distributable .skill archive.
files = [p for p in skill_path.rglob('*') if p.is_file() and not _should_exclude(p)]
Review the skill folder and resulting archive before sharing, and keep secrets or unrelated local files out of skill directories.
Untrusted or inaccurate external material could influence generated skill guidance if not reviewed.
The workflow can incorporate retrieved web, code-search, and documentation content into new skill instructions. The artifact also calls for cross-validation, so this is a managed, purpose-aligned risk rather than a concern.
Research with tools -> Cross-validate -> Gate -> Self-check ... Web search tools (for latest practices, at least 3 sources) ... Code search tools ... URL fetch tools
Prefer official sources, avoid including private information in research queries, and review generated skills for untrusted instructions or unsupported claims.
