Urlopnik
AdvisoryAudited by Static analysis on May 4, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using PDF generation could unexpectedly download and install software into the local Python environment.
The PDF helper automatically installs an undeclared, unpinned dependency from pip at runtime when reportlab is missing.
subprocess.run(["pip", "install", "reportlab"], check=True)
Install dependencies explicitly from a reviewed requirements file or prompt the user before running pip; pin the reportlab version.
A leave request may contain employment and contact details, so sending it should be explicitly reviewed and confirmed.
The skill text advertises sending leave requests to a supervisor, but the artifacts do not define recipient selection, user confirmation, or an email mechanism.
generuje wnioski urlopowe w formacie PDF i wysyła do przełożonego
Only send generated requests after verifying the recipient, attachment, and message content.
Employee name, role, department, phone, email, and leave information could persist beyond a single request.
The skill says it remembers employee data, but the artifacts do not describe storage location, retention, or deletion controls.
Dane pracownika (jednorazowo, potem zapamiętuje)
Avoid entering unnecessary personal data and ask how to view or delete remembered employee details.