Skill Architect

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is an instruction-only skill for designing new AI skills, with disclosed user-guided scaffolding and no evidence of hidden code, credential use, or data exfiltration.

This skill appears safe to review and use as an instruction-only helper for designing new skills. Before installing, make sure you trust the source you fetch it from, and before enabling any skill it generates, read the generated instructions and test them in a limited project rather than globally.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

If a user installs from an untrusted or changed external source, they could receive different files than the reviewed artifact set.

Why it was flagged

The README documents a user-run package-based installation path. This is expected for installing a skill and is not automatic in the provided artifacts, but users should trust the package/source before running it.

Skill content
npx skills add vincent-hq/skill-architect
Recommendation

Install from a trusted source, review the fetched files, and prefer pinned or verified versions where possible.

ASI08: Cascading Failures
Low
What this means

A poorly designed generated skill could later influence an AI agent’s behavior in unintended ways.

Why it was flagged

The skill creates new agent skill instructions. That is its stated purpose and is user-directed, but generated skills can affect future agent behavior if installed without review.

Skill content
Scaffold — build the SKILL.md from the appropriate pattern template
Recommendation

Review and test generated skills before enabling them, especially before installing them globally or sharing them with others.