v1.0.0
database-migrations
Benign
ClawScan verdict for this skill. Analyzed May 1, 2026, 5:32 AM.
Analysis
This is a benign, instruction-only database migration guide; the only notable issue is an optional README install command that uses an unpinned remote source.
Guidance
This skill appears safe to use as migration guidance. Before following its example database operations in production, review them with your normal database change process, backups, and staging tests. If manually installing from the README, verify the GitHub source or pin a trusted commit.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Abnormal behavior control
Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
README.md
npx add https://github.com/wpank/ai/tree/main/skills/api/database-migrations
The README suggests a user-directed install command from an unpinned GitHub branch via npx. This is not automatic runtime behavior, but it is install provenance users should verify.
User impact: If a user installs with this README command, they may fetch whatever content is currently at that remote path rather than a pinned, reviewed version.
Recommendation: Prefer the registry-provided version, or verify the GitHub repository and pin a specific trusted commit before using the npx install command.
