v1.0.0

Svelte Component Auditor

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 2:48 PM.

Analysis

This instruction-only skill appears to perform read-only Svelte/SvelteKit code auditing with commands that are aligned with its stated purpose.

GuidanceThis skill looks safe for its stated purpose. Run it only in the Svelte/SvelteKit project you want audited, since its read-only commands inspect files under the current directory.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityLowConfidenceHighStatusNote

SKILL.md

find . -name "*.svelte" -not -path '*/node_modules/*' -not -path '*/.svelte-kit/*' | wc -l

The skill instructs the agent to use local shell commands to inspect project files. These commands are read-only and fit the stated auditing purpose, but users should be aware the agent may scan files in the current working tree.

User impactThe agent may read Svelte, TypeScript, JavaScript, package, and config files in the current project to produce audit findings.

RecommendationUse the skill from the repository you intend to review, and avoid invoking it from a directory containing unrelated private files.