InspirAI Best Practices
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill coherently manages a local best-practices folder, with expected local file changes and persistent reuse but no evidence of hidden code, credential access, or exfiltration.
This appears safe for its stated purpose if you are comfortable with a local, persistent best-practices folder. Before installing, remember that it can write and copy local files, may require jq despite not declaring it, and should not be used to store secrets or blindly apply unreviewed saved content.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill can add or change files in the local best-practices store and, if selected, in the current project's docs/references folder.
The skill instructs the agent to create local directories/files and copy best-practice documents into a project. This is expected for the skill, but it is still local file mutation.
mkdir -p "$BP_DIR" ... echo '{"version":1,"practices":{}}' > "$INDEX_FILE" ... cp "$FILE_PATH" "docs/references/{id}.md"Review prompts before allowing copy, update, or delete actions, and keep category/slug names simple so files stay within the intended directories.
Some workflows may fail or depend on whatever jq binary is available in the user's PATH.
The instructions rely on jq, while the provided requirements declare no required binaries. This is not suspicious by itself, but users may need a trusted jq installation for all steps to work.
cat "$INDEX_FILE" | jq -r '.practices[].category' | sort -u
If jq is needed, install it from a trusted package source or ask the skill author to declare it explicitly.
Sensitive snippets, stale advice, or untrusted instructions saved as a best practice could influence future projects when the practice is applied.
The skill creates a persistent local knowledge base intended for reuse across projects, including user-entered solutions and code snippets.
记录验证通过的解决方案,跨项目复用 ... 所有最佳实践存储在 `$HOME/.inspirai/best-practices/` 下
Do not store secrets or credentials in best-practice entries, and review saved practices as reference material before letting them guide project changes.