Nm Sanctum Doc Consolidation
PassAudited by VirusTotal on May 9, 2026.
Overview
Type: OpenClaw Skill Name: nm-sanctum-doc-consolidation Version: 1.0.2 The skill bundle is a documentation management tool designed to extract content from temporary LLM-generated reports and merge it into permanent project documentation. It identifies untracked markdown files using git status, categorizes content chunks, and performs file modifications or deletions (unlink) to clean up artifacts. While it possesses destructive capabilities (file deletion), these are central to its stated purpose and are mitigated by a mandatory two-phase workflow that requires explicit user approval before any changes are executed. No evidence of data exfiltration, unauthorized network access, or malicious prompt injection was found across the modules (SKILL.md, candidate-detection.md, merge-execution.md).
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken plan could modify documentation or remove draft report files.
The skill is explicitly designed to perform local file mutations, including deleting source markdown files, but the artifact also states that execution should occur only after user approval.
**Checkpoint**: User reviews and approves plan before execution. ... After approval ... **Merge content** ... **Delete sources**
Review the consolidation plan carefully, especially the destination files and deletion list, and consider backing up important untracked reports before approving execution.
The log may retain operation history and possibly copied document content, and rollback behavior depends on that local log being trustworthy.
The skill describes keeping a persistent local rollback log of consolidation operations, while also acknowledging deleted source files are not automatically restorable.
CONSOLIDATION_LOG = '.consolidation-log.json' ... log['operations'].append(operation) ... WARNING: Cannot restore deleted source
Inspect or remove the consolidation log if it contains sensitive project information, avoid committing it accidentally, and verify it before using rollback.