v1.0.0

Strace

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:06 AM.

Analysis

This appears to be a benign strace reference helper whose bundled script only prints static guidance.

GuidanceThis skill looks safe to install from the supplied artifacts. It does not request credentials or access private data; just be aware that it includes a bash helper script and that the reference content is fairly generic.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Unexpected Code Execution

SeverityInfoConfidenceHighStatusNote

SKILL.md

scripts/script.sh intro

The skill exposes local script commands as its interface. The reviewed script content is bounded to printing static reference text, so this is expected for the skill's purpose.

User impactThe agent may run the bundled local helper script, but the provided source shows it only prints reference material.

RecommendationReview the bundled script when installing or updating the skill, and only use versions from a trusted source.

Agentic Supply Chain Vulnerabilities

SeverityInfoConfidenceHighStatusNote

scripts/script.sh

#!/usr/bin/env bash

The helper relies on bash while the registry metadata declares no required binaries. This is a minor packaging/dependency disclosure gap rather than suspicious behavior.

User impactThe skill may not run on systems without bash, but no hidden dependency download or unreviewed external code is shown.

RecommendationDeclare bash as a runtime requirement or ensure the target environment supports it.