raycast
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Generated extensions based on this example could send clipboard contents to Raycast AI when the user runs the command.
The example shows clipboard contents being included in an AI request. This is aligned with the stated AI summary example, but clipboard text can contain private or sensitive data.
const text = await Clipboard.readText(); ... const result = await AI.ask(`Summarize this: ${text}`);Use this pattern only when the command purpose is clear to the user, avoid sending secrets, and consider adding user-facing confirmation or warnings for sensitive clipboard content.
Extensions generated from this guidance may keep user data on disk between runs.
The skill intentionally guides generated Raycast extensions to store data locally. This is purpose-aligned, but persistent data can remain across uses and should be scoped.
Data: Use `Cache` for frequent/transient data, `LocalStorage` for persistent user data.
Store only necessary data, avoid secrets unless specifically justified, document retention behavior, and provide cleanup or clear-storage behavior where appropriate.