Back to skill
v1.0.0
Tech Debt Tracker
BenignClawScan verdict for this skill. Analyzed May 1, 2026, 2:49 PM.
Analysis
This instruction-only skill coherently scans a codebase for technical debt using read-only, purpose-aligned commands.
GuidanceThis appears safe for its stated purpose. It will inspect your codebase and git history to create a technical-debt report, so run it only in repositories you are comfortable having analyzed and avoid sharing the output if it contains sensitive project details.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Abnormal behavior control
Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.
Tool Misuse and Exploitation
SeverityInfoConfidenceHighStatusNote
SKILL.md
grep -rn "TODO\|FIXME\|HACK\|XXX\|WORKAROUND\|TEMP\|DEPRECATED" src/ ... git log --format=format: --name-only --since="6 months ago"
The skill instructs the agent to use local shell commands to inspect source files and git history. This is read-only and directly aligned with technical-debt analysis, but it still means the agent will examine local project contents.
User impactThe agent may read source code paths, comments, and repository history to produce the report.
RecommendationUse it only on repositories you intend to analyze, and review the generated report before sharing it outside your team.