Augmented Entity
ReviewAudited by ClawScan on May 10, 2026.
Overview
Prompt-injection indicators were detected in the submitted artifacts (base64-block); human review is required before treating this skill as clean.
This looks like a frontend visualization app rather than an agent skill that accesses accounts or files. Before running it, verify the source and any package/dependency files, because npm install and npm scripts can execute local code. ClawScan detected prompt-injection indicators (base64-block), so this skill requires review even though the model response was benign.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Users have less assurance about where the packaged frontend bundle came from.
The skill's provenance is not clearly identified, which limits a user's ability to verify the origin of the bundled app before running local setup commands.
Source: unknown; Homepage: none
Install or run it only in a trusted workspace, and verify the package source and dependency files before executing npm commands.
Running the documented commands may execute local Node tooling and dependency lifecycle scripts.
These are local command-execution setup steps. They are user-directed and proportionate for a React/Vite web application, but they can execute package scripts if a package manifest is supplied.
npm install npm run dev npm run build
Review package files and run the commands in an isolated project directory rather than a sensitive workspace.