social-card
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a straightforward local image-generation skill, with the main caution that installation pulls a Python package from the package ecosystem.
This skill looks appropriate for generating local social preview images. Before installing, make sure you trust the `social-card` package source; otherwise, no unusual permissions or sensitive data access are shown.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill means trusting the `social-card` package and its dependency chain.
The skill relies on installing an external Python package for its functionality. This is purpose-aligned for a Python library skill, but package provenance and version consistency still matter.
[0] uv | package: social-card
Install only if you trust the package/repository, and consider pinning or verifying the package version in environments where reproducibility matters.