Poetry

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a coherent poetry generation and lookup skill; the main thing to notice is that its manual setup script downloads a large public dataset from GitHub without pinning a specific version.

This skill appears safe for its stated purpose. Before installing or first use, be aware that ./setup.sh downloads about 291MB of public poetry data from GitHub into data/; run it only if you trust that source and are comfortable with an unpinned external dataset.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Running setup depends on the current state of the external GitHub repository and requires local network/git execution, though this is clearly tied to the poetry dataset purpose.

Why it was flagged

The setup script fetches an external dataset from GitHub without pinning a commit, tag, or checksum, so the exact downloaded contents can change over time.

Skill content
git clone --depth 1 https://github.com/chinese-poetry/chinese-poetry.git "$DATA_DIR"
Recommendation

Review the setup script before running it, and prefer pinning the dataset to a known commit or release if reproducibility matters.