Initialize Project Structure
PassAudited by ClawScan on May 8, 2026.
Overview
This instruction-only skill appears to scaffold project documentation and Claude project files as advertised, with some persistent context and deployment workflow templates that users should review.
This looks reasonable to install if you want the described project workflow. After running it, review the generated CLAUDE.md and CLAUDE.local.md, confirm any external slim-claude-md templates are trusted, keep local secrets out of committed files, and do not approve production deployments or destructive operations without checking the exact command.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the referenced slim-claude-md skill is missing, outdated, or altered, the generated project instructions may differ from what is visible in this package.
The skill incorporates content from a separate skill that is not included in this manifest. This is disclosed and related to the purpose, but the external templates can affect the generated CLAUDE files.
Read templates from the `slim-claude-md` skill's `references/` directory
Use a trusted copy of slim-claude-md and review the generated CLAUDE.md and CLAUDE.local.md before relying on them.
Future sessions may reference these deployment steps; an accidental approval or misread workflow could affect a live production branch.
The generated workflow documents production deployment commands. The surrounding template requires explicit approval for production and destructive operations, so this is purpose-aligned but high-impact if later followed incorrectly.
git checkout main && git merge canary && git push # deploy to production — explicit approval
Keep the explicit per-action approval rules, verify the branch topology matches the real project, and review any production or destructive command before allowing it to run.
Database or service connection strings placed in CLAUDE.local.md could be exposed to local agent sessions or leaked if the file is later committed by mistake.
The scaffold intentionally creates persistent local context for environment-specific configuration. Gitignore reduces sharing risk, but future local agent sessions may read whatever the user places there.
Connection strings live in `CLAUDE.local.md` (gitignored).
Keep CLAUDE.local.md gitignored, prefer placeholders or least-privilege/read-only credentials, and avoid storing production secrets unless absolutely necessary.