feifei

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a coherent p5.js generative-art skill; the only notable security consideration is that its HTML viewer loads p5.js and fonts from public CDNs when opened.

This skill appears safe to use for generating art code. If you need offline or third-party-free output, review the generated HTML and replace external CDN links with local, trusted copies.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

#ASI04: Agentic Supply Chain Vulnerabilities

Low

What this means

Opening the generated viewer may contact public CDNs and run the p5.js library from cdnjs, which is normal for this template but depends on that external supply chain.

Why it was flagged

The viewer depends on a third-party CDN-hosted p5.js script; this is purpose-aligned for p5.js art, but opening the viewer runs code fetched from that CDN.

Skill content

<script src="https://cdnjs.cloudflare.com/ajax/libs/p5.js/1.7.0/p5.min.js"></script>

Recommendation

For higher assurance or offline use, host a reviewed local copy of p5.js or add subresource integrity to the external script.