ClawHub

Analyzer

v1.0.1

Analyzes an existing project to produce a detailed, structured report on its architecture, patterns, technical debt, and key areas for downstream work.

0· 107·0 current·0 all-time
byCan@cankocakulak
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the runtime instructions: the SKILL.md instructs the agent to read a project (project_path) and produce a structured analysis file. No unrelated binaries, credentials, or external services are requested.
Instruction Scope
Instructions correctly focus on reading the supplied project and producing docs/[project-name]/analysis.md. They do not instruct network exfiltration or accessing unrelated system paths. However, the agent is explicitly told to 'read' the codebase — that necessarily includes any files present in the path (config files, .env, secrets, etc.), so consumers should be cautious about which path is provided.
Install Mechanism
Instruction-only skill with no install spec and no code files to execute. This minimizes disk-write and supply-chain risk.
Credentials
The skill declares no required environment variables or credentials and requests no external service keys. The only implicit requirement is read/write access to the provided project_path (to inspect files and write the analysis artifact).
Persistence & Privilege
always is false and there are no install hooks or self-modifying behaviors. Autonomous invocation is allowed (platform default) but not excessive for this kind of agent. The skill will write the artifact file into the target repo, which is expected behavior.
Assessment
This skill appears to be what it says: it will read the directory you point it at and write docs/[project-name]/analysis.md. Before running: (1) avoid pointing it at sensitive locations (home dir, system config) or repos containing secrets (.env, certs, keys); prefer a clone with secrets removed; (2) review the produced analysis file before sharing it externally; (3) if you need extra safety, run the skill in an isolated environment or container with limited network/file access. Install risk is low because it's instruction-only and requests no credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk975cewa0ctrew69gth2wg9den837ds1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments