Json Linter
PassAudited by ClawScan on May 1, 2026.
Overview
This skill appears to do what it claims: locally scan JSON files for syntax errors, with the main caveat that its default run reads JSON files across the current workspace.
This looks safe for normal local JSON linting. Before installing, be aware that the default command scans JSON files under the current working directory; use the --dir option if you want to restrict what it reads.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run from a broad directory, the skill will read JSON files there, including configuration or data files, though the artifacts only show local syntax checking and reporting of paths/errors.
The CLI defaults to the current working directory and recursively reads JSON files for parsing. This is expected for a JSON linter, but it means the skill can access local JSON files in the selected workspace.
let targetDir = process.cwd(); ... const files = findJsonFiles(rootDir); ... const content = fs.readFileSync(filePath, 'utf8'); JSON.parse(content);
Run it from the intended workspace or use --dir to limit the scan to a specific folder, especially if nearby directories contain sensitive JSON files.