Codebase Survey
AdvisoryAudited by Static analysis on May 8, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A repository’s CLAUDE.md could steer what the agent reads or emphasizes during the survey.
The skill intentionally gives project-local context files strong influence over the survey workflow. This is purpose-aligned, but such files may contain untrusted or stale instructions.
**If the project has a well-structured CLAUDE.md, read it FIRST — before any of the steps below.** Use the "Where to find things" map as your primary survey guide.
Use CLAUDE.md as project documentation, but do not let it override the user’s request, platform rules, or safety boundaries.
The agent may inspect repository metadata, directory structure, and recent commit history.
The checklist includes local repository inspection commands. These are read-oriented and expected for a codebase survey.
`git branch -a`, `git log --oneline -20`, `ls -la`, `find src/app -type d`
Run the survey only in the intended project directory and review the final summary before relying on it.
Old or private project notes could influence the agent’s understanding of the codebase.
The targeted deep-dive workflow may rely on project memory and prior-session recap files. This is useful context, but persistent notes can be stale, sensitive, or misleading.
CLAUDE.md read (project memory, hard rules, today's state) ... Latest 1-3 recaps read (last session context)
Confirm that project memory and recap files are appropriate to read, and keep the explicit-approval requirement for CLAUDE.local.md.