TinyTroupe Feed Research Lab
Security checks across malware telemetry and agentic risk
Overview
The skill appears to be a coherent local research helper that runs a bundled Python script on user-provided drafts and saves local reports, with no artifact-backed evidence of malicious behavior.
This looks safe to install for local draft-research use. Before running it, review the command, provide only drafts you are comfortable storing locally, and choose a private output directory for the generated reports.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill executes local code to process drafts and create reports, so users should ensure they are comfortable running the bundled script.
The skill directs the agent to run a local Python script. This is central to the stated purpose and is bounded to user-provided drafts and an output directory, so it is a note rather than a concern.
Run `scripts/tinytroupe_feed_research_lab.py` in deterministic mode.
Run it only from the installed skill directory, review the command arguments, and choose an output directory intentionally.
Private draft posts or audience details may remain in local report files after the task is complete.
The generated local outputs can retain the user's draft text and persona data. This is expected for a research-reporting skill, but it matters if drafts are private or the output directory is shared.
`feed_research.json`: machine-readable drafts, personas, reactions, and warnings.
Use a private output directory, avoid putting sensitive drafts in shared paths, and delete generated reports when no longer needed.