Initialize Project Structure
Pass
Audited by VirusTotal on May 8, 2026.
Overview
Type: OpenClaw Skill
Name: init-project-structure
Version: 1.0.0
The skill bundle is a project scaffolding tool designed to initialize a structured development environment (CLAUDE.md, documentation trees, and git configurations). It uses standard shell commands (mkdir, find, grep, git) for environment inspection and verification, and its instructions explicitly include defensive measures such as preventing silent overwrites of existing files and ensuring sensitive environment files (CLAUDE.local.md) are added to .gitignore. No evidence of data exfiltration, malicious execution, or unauthorized persistence was found; the 'Hard rules' defined in the templates are intended to enforce safe agent behavior during future project tasks.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the referenced slim-claude-md skill is missing, outdated, or altered, the generated project instructions may differ from what is visible in this package.
The skill incorporates content from a separate skill that is not included in this manifest. This is disclosed and related to the purpose, but the external templates can affect the generated CLAUDE files.
Read templates from the `slim-claude-md` skill's `references/` directory
Use a trusted copy of slim-claude-md and review the generated CLAUDE.md and CLAUDE.local.md before relying on them.
Future sessions may reference these deployment steps; an accidental approval or misread workflow could affect a live production branch.
The generated workflow documents production deployment commands. The surrounding template requires explicit approval for production and destructive operations, so this is purpose-aligned but high-impact if later followed incorrectly.
git checkout main && git merge canary && git push # deploy to production — explicit approval
Keep the explicit per-action approval rules, verify the branch topology matches the real project, and review any production or destructive command before allowing it to run.
Database or service connection strings placed in CLAUDE.local.md could be exposed to local agent sessions or leaked if the file is later committed by mistake.
The scaffold intentionally creates persistent local context for environment-specific configuration. Gitignore reduces sharing risk, but future local agent sessions may read whatever the user places there.
Connection strings live in `CLAUDE.local.md` (gitignored).
Keep CLAUDE.local.md gitignored, prefer placeholders or least-privilege/read-only credentials, and avoid storing production secrets unless absolutely necessary.
