Devvit Publishing Auditor

Pass

Audited by ClawScan on May 1, 2026.

Overview

This is a coherent instruction-only Devvit audit skill that asks before running project checks or CLI commands, with only expected review notes for local command use and Devvit account status checks.

This skill appears safe to use as a guided pre-publish checklist. Run it only in the Devvit project you want audited, approve each command deliberately, review any proposed project updates, and manually decide whether to run the final upload command.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If approved, the agent may run Devvit and TypeScript commands in the project; one suggested command can update the app configuration or project state.

Why it was flagged

The skill uses local CLI commands, including a project update command, but frames them as permission-gated and directly related to Devvit publishing readiness.

Skill content

Request permission to run 'npx devvit whoami' and 'npx devvit version' ... Suggest running 'npx devvit update app' and wait for user approval.

Recommendation

Approve commands only in the intended Devvit project, review any proposed update before accepting it, and run the final upload command yourself when ready.

What this means

The audit report may include account or authentication-status information from the local Devvit CLI.

Why it was flagged

Checking Devvit auth status may reveal which Reddit/Devvit account is active, but this is expected for a publishing readiness audit and requires permission.

Skill content

Version checks, Auth status ... Request permission to run 'npx devvit whoami'

Recommendation

Use the skill only with the Devvit account you intend to publish from, and avoid sharing reports if they contain account-identifying details.

What this means

The results depend on the Devvit and TypeScript tooling available through the user's environment.

Why it was flagged

The skill depends on npx-invoked tooling rather than bundled code or declared required binaries. This is normal for a Devvit project audit, but users should be aware the commands use their local/package-manager toolchain.

Skill content

Request permission to run 'npx devvit whoami' ... Request permission to run 'npx tsc --noEmit'

Recommendation

Prefer a trusted project environment with known Devvit and TypeScript versions, and review any package-manager prompt before allowing npx to install or run tools.