Fast file scan - reduce token consumption
Pass. Audited by VirusTotal on May 13, 2026.
Overview
Type: OpenClaw Skill
Name: project-anatomy
Version: 0.1.4
The skill bundle provides tools to index project files and expense documents to optimize AI token usage by generating a summary file (.anatomy.md). The scripts (anatomy_scan.py, anatomy_inject.py, and expense_anatomy.py) perform local file system operations such as directory walking, metadata extraction, and token estimation. While expense_anatomy.py accesses the ~/Downloads folder to identify recent receipts, it does so to provide a local summary and lacks any network capabilities or evidence of data exfiltration. The code is well-structured, lacks obfuscation, and its behavior is consistent with the stated purpose.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
File descriptions or snippets may remain in .anatomy.md and be shown to future agent sessions, including any sensitive first lines or comments from scanned files.
The skill intentionally creates a persistent local index that can be reused across sessions as agent context.
Read `.anatomy.md` (the fast file-scan index) at startup... Scan output is written to `.anatomy.md` and reused directly by later sessions
Run it only on intended project folders, review .anatomy.md before sharing context, and add excludes for secrets, private notes, or generated files.
If configured in startup files, the skill may rescan and update the local index without a separate prompt each session.
The documented workflow can cause a scan to run automatically at session startup when the index is stale.
Automatic injection (for session startup)... A rescan is triggered automatically after more than 24h
Only enable startup integration in trusted workspaces and remove or disable it if you do not want automatic rescans.
Expense or Downloads filenames, dates, and sizes may be written into the generated anatomy file, which can reveal private activity even without reading file contents.
The optional expense scanner can inspect recent PDF/image filenames in the user's Downloads directory when the flag is used.
parser.add_argument('--scan-downloads', '-d', action='store_true'... dl = Path.home() / 'Downloads'
Use --scan-downloads only when desired, and review the generated index before exposing it to an agent or another person.
