Dependency Auditor
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Note
High Confidence
ASI02: Tool Misuse and Exploitation
What this means
If run on a broad directory, the generated report could include package names, versions, and local project paths from multiple projects.
Why it was flagged
The scanner recursively searches the user-supplied project path for supported dependency files. This is central to dependency auditing, but it means the tool can read dependency metadata across all matching subdirectories under the selected path.
Skill content
matching_files = list(project_path.rglob(file_pattern))
Recommendation
Run the tool only on the intended project directory and review generated reports before sharing them.
