catime

PassAudited by ClawScan on May 1, 2026.

Overview

This skill appears to fetch public AI-generated cat images as described, with the main caution being that it asks users to install an external, unpinned Python package.

This looks safe for its stated purpose of fetching and sending cat images. The main thing to check is the external catime pip package before installing it, preferably in an isolated environment if you are cautious.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Note

ASI04: Agentic Supply Chain Vulnerabilities

What this means

Installing the package gives that external package code the ability to run locally as part of using the skill.

Why it was flagged

The skill depends on installing an external Python package without a pinned version. This is expected for the stated CLI-based purpose, but it creates a normal package-provenance consideration for users.

Skill content

kind: pip
        package: catime
...
pip install catime

Recommendation

Before installing, confirm the PyPI/GitHub package is the intended catime project and consider using a pinned version or isolated environment.