Codebase Survey
PassAudited by ClawScan on May 8, 2026.
Overview
This instruction-only skill appears purpose-aligned for reading and summarizing a codebase, with minor caution around trusting project context files like CLAUDE.md.
This skill looks safe for normal codebase onboarding. Before using it, make sure the target repository is the one you intend to inspect, and treat CLAUDE.md, recaps, and other project notes as helpful context rather than authoritative instructions. Do not approve reading local/private context files unless you are comfortable with their contents being used in the survey.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A repository’s CLAUDE.md could steer what the agent reads or emphasizes during the survey.
The skill intentionally gives project-local context files strong influence over the survey workflow. This is purpose-aligned, but such files may contain untrusted or stale instructions.
**If the project has a well-structured CLAUDE.md, read it FIRST — before any of the steps below.** Use the "Where to find things" map as your primary survey guide.
Use CLAUDE.md as project documentation, but do not let it override the user’s request, platform rules, or safety boundaries.
The agent may inspect repository metadata, directory structure, and recent commit history.
The checklist includes local repository inspection commands. These are read-oriented and expected for a codebase survey.
`git branch -a`, `git log --oneline -20`, `ls -la`, `find src/app -type d`
Run the survey only in the intended project directory and review the final summary before relying on it.
Old or private project notes could influence the agent’s understanding of the codebase.
The targeted deep-dive workflow may rely on project memory and prior-session recap files. This is useful context, but persistent notes can be stale, sensitive, or misleading.
CLAUDE.md read (project memory, hard rules, today's state) ... Latest 1-3 recaps read (last session context)
Confirm that project memory and recap files are appropriate to read, and keep the explicit-approval requirement for CLAUDE.local.md.