Global Holidays
PassAudited by ClawScan on May 1, 2026.
Overview
The skill is a purpose-aligned holidays helper; the main caution is that its setup examples install a Python package and include a system-Python override flag.
This skill appears safe for public-holiday lookups. If you install its dependency, use a virtual environment and preferably a pinned holidays version; avoid --break-system-packages unless necessary. Only provide a custom holiday JSON file path if you intentionally want the agent to read that file.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the package changes the local Python environment and could introduce dependency or version risk if done system-wide or without pinning.
The skill depends on installing a PyPI package; this is purpose-aligned, but the default install example is unpinned and uses a flag that can bypass system package protections.
"install":[{"id":"pip","kind":"pip","package":"holidays","label":"Install holidays package"}] ... pip install holidays --break-system-packagesInstall in a virtual environment, pin the package version when possible, and avoid --break-system-packages unless you understand the system-level impact.
If the agent runs examples or generated snippets, they execute in the user's local environment.
The skill documents local shell/Python execution. This is expected for a Python library helper, but it means use of the skill may involve running local code snippets.
All examples below can be run directly in the shell: ```bash python <<'EOF' # your code here EOF
Approve local execution only for clear holiday-related snippets, and be especially careful before allowing any file reads or package installs.