Slim Project Memory

Advisory

Audited by Static analysis on May 8, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may create or edit project documentation and .gitignore files in the current repository.

Why it was flagged

The skill directs local shell and file changes inside the project, including directory creation and .gitignore updates. That is expected for a project-memory restructuring skill, but it can still modify the repository working tree.

Skill content

mkdir -p docs/architecture docs/features docs/pipeline docs/scripts docs/recaps docs/plans ... Add ... CLAUDE.local.md ... Verify: wc -l CLAUDE.md; git check-ignore -v CLAUDE.local.md

Recommendation

Use it only in the intended project root, review the resulting diff, and keep the skill’s instruction not to commit automatically.

What this means

Incorrect or overbroad environment references could steer a future agent toward the wrong staging or production target if credentials are available elsewhere.

Why it was flagged

The generated local reference file can guide future DB or hosting operations by naming environments, URLs, and env vars. The template includes approval limits, but users should verify the environment mapping carefully.

Skill content

Environment quick-reference — read this BEFORE any DB or hosting operation ... Production has live customer data. Read-only by default. Any write must be explicitly authorized in the current turn.

Recommendation

Record only env var names and service URLs, never production secrets, and require explicit current-turn approval for any production or non-default-environment write.

What this means

Out-of-date or incorrect persistent memory could cause future sessions to use stale project context or the wrong environment information.

Why it was flagged

The skill intentionally creates persistent, auto-loaded project memory that future agent sessions will trust for environment routing and project rules.

Skill content

Environment URLs and env var name references are in `CLAUDE.local.md` (gitignored, auto-loaded by Claude alongside this file). Read it before any DB or hosting operation...

Recommendation

Review generated CLAUDE.md and CLAUDE.local.md, keep CLAUDE.local.md gitignored, and update these files whenever environment or project facts change.