Sharpagent Skill Contract
PassAudited by ClawScan on May 11, 2026.
Overview
The visible artifacts describe a coherent instruction-only scaffolding skill, with the main caution that its examples rely on an undeclared external `sharpagent` command.
This appears safe to install as an instruction-only scaffolding reference. Before running the example commands, confirm you trust the `sharpagent` CLI being invoked and review any generated skill package before publishing it. The provided SKILL.md content is marked truncated, so review the full file if available.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the workflow may create or overwrite project files and produce a publishable archive.
The documented workflow creates skill files and package archives. This is expected for a scaffolding tool, but it can modify the local workspace if the user chooses to run the commands.
`sharpagent scaffold --name ...` / `sharpagent package --name ... --output ./dist/`
Run the workflow in a dedicated project directory and review generated files before packaging or publishing.
If a different or untrusted `sharpagent` command is on the system path, the agent could run that implementation when following the examples.
The skill relies on a local `sharpagent` executable, but the supplied metadata declares no required binary or install specification, so the executable’s provenance is outside the reviewed artifacts.
`sharpagent scaffold --name sharpagent-five-factor-review --category analysis`
Install the `sharpagent` CLI only from a trusted source, verify which executable is on PATH, and prefer metadata that declares the required binary or install source.