Codebase Survey
PassAudited by VirusTotal on May 8, 2026.
Overview
Type: OpenClaw Skill Name: codebase-survey Version: 1.0.2 The codebase-survey skill is designed to help an AI agent systematically explore and summarize a project's structure, architecture, and maintainability. It uses standard discovery commands (git, find, grep, ls) and includes explicit safety instructions in SKILL.md and the checklists to avoid reading sensitive files such as .env, credential configs, or API keys, focusing instead on architectural patterns and metadata.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A repository’s CLAUDE.md could steer what the agent reads or emphasizes during the survey.
The skill intentionally gives project-local context files strong influence over the survey workflow. This is purpose-aligned, but such files may contain untrusted or stale instructions.
**If the project has a well-structured CLAUDE.md, read it FIRST — before any of the steps below.** Use the "Where to find things" map as your primary survey guide.
Use CLAUDE.md as project documentation, but do not let it override the user’s request, platform rules, or safety boundaries.
The agent may inspect repository metadata, directory structure, and recent commit history.
The checklist includes local repository inspection commands. These are read-oriented and expected for a codebase survey.
`git branch -a`, `git log --oneline -20`, `ls -la`, `find src/app -type d`
Run the survey only in the intended project directory and review the final summary before relying on it.
Old or private project notes could influence the agent’s understanding of the codebase.
The targeted deep-dive workflow may rely on project memory and prior-session recap files. This is useful context, but persistent notes can be stale, sensitive, or misleading.
CLAUDE.md read (project memory, hard rules, today's state) ... Latest 1-3 recaps read (last session context)
Confirm that project memory and recap files are appropriate to read, and keep the explicit-approval requirement for CLAUDE.local.md.