Trusted — Risk Score 5/100
Last scan: 18 hr ago
biotech-pitch-deck-narrative
Transforms complex biotechnology scientific data into compelling investor narratives for biotech fundraising presentations
Benign biotech pitch deck narrative generator with no malicious behavior detected. Pure Python using standard library only, no network access, no credential access, no shell execution despite tool declaration.
Skill Name: biotech-pitch-deck-narrative
Duration: 40.0s
Engine: pi
Safe to install
This skill is safe to use. The minor mismatch between declared tools (Bash, Edit) and actual implementation does not pose a security risk.

Findings 1 item

Severity | Finding | Location
Info | Tool declaration mismatch (Doc Mismatch) | SKILL.md:1

SKILL.md declares 'Bash Edit' in allowed-tools but the implementation (scripts/main.py) only uses standard library Python with dataclasses, enum, argparse, json, re, and pathlib. No subprocess or shell execution is present.
allowed-tools: "Read Write Bash Edit"
→ Update SKILL.md to reflect actual tool usage: 'Read Write' only. Declared tools should match implementation for accurate risk assessment.

Resource | Declared | Inferred | Status | Evidence
Filesystem | WRITE | READ | ✓ Aligned | Output only to specified --output path
Network | NONE | NONE | | No network requests in code
Shell | WRITE | NONE | ✓ Aligned | No subprocess or shell commands in scripts/main.py
Environment | NONE | NONE | | No os.environ access
Skill Invoke | NONE | NONE | | N/A
Clipboard | NONE | NONE | | N/A
Browser | NONE | NONE | | N/A
Database | NONE | NONE | | N/A

File Tree

4 files · 22.6 KB · 644 lines
Markdown 1f · 470L | Python 1f · 161L | JSON 1f · 11L | Text 1f · 2L
├─ 📁 scripts
│ └─ 🐍 main.py Python 161L · 5.8 KB
├─ 📄 requirements.txt Text 2L · 17 B
├─ 📝 SKILL.md Markdown 470L · 16.4 KB
└─ 📋 tile.json JSON 11L · 344 B

Dependencies 6 items

Package | Version | Source | Known Vulns | Notes
dataclasses | stdlib | python | No | Python standard library
enum | stdlib | python | No | Python standard library
argparse | stdlib | python | No | Python standard library
json | stdlib | python | No | Python standard library
re | stdlib | python | No | Python standard library
pathlib | stdlib | python | No | Python standard library

Security Positives

✓ No external network requests or API calls
✓ No credential or environment variable access
✓ No file system operations beyond specified output
✓ Uses only Python standard library (no external dependencies)
✓ No obfuscation, base64 encoding, or anti-analysis techniques
✓ No sensitive file path access (~/.ssh, ~/.aws, .env)
✓ No shell script execution despite declaration
✓ No data exfiltration or C2 communication patterns
✓ Clean, straightforward business logic implementation