Backend Event Stores
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
NoteHigh Confidence
ASI04: Agentic Supply Chain VulnerabilitiesWhat this means
If the user runs the README install command, they depend on the current contents of that remote source.
Why it was flagged
The documented installation command fetches from a remote GitHub path rather than a pinned release. This is user-directed and expected for installation, but it leaves provenance and version stability for the user to verify.
Skill content
npx add https://github.com/wpank/ai/tree/main/skills/backend/event-store
Recommendation
Verify the GitHub repository and consider installing from a trusted, pinned version or reviewed local copy.