Codifica
Review
Audited by ClawScan on May 1, 2026.
Overview
Codifica appears purpose-aligned, but it lets an agent use Git-tracked task files as persistent shared memory and may commit or push coordination updates to a repository.
Install or use this only in repositories where you want agents to coordinate through Git-tracked Codifica files. Review the Codifica spec, file_scope, and task state before use, and avoid storing secrets or private data in task notes.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A task file or spec in the repository can influence what the agent reads, prioritizes, and treats as constraints.
The skill intentionally makes repository-provided Codifica files part of the agent's operating context before work begins.
"Read the spec file it references ... Do not proceed without reading the spec."
Review codifica.json, the referenced spec, and task context before relying on the agent in an unfamiliar repository.

The agent may create commits and push task-claim or completion updates to a shared repo as part of normal use.
The protocol directs the agent to mutate repository state and optionally push those changes to a remote Git repository.
"Commit all these changes together. If you are working with a remote, push immediately."
Use appropriate branches, permissions, and branch protections; verify that automatic task-state commits are acceptable for the repository.

If the environment has write access, the agent can use that access to update shared repository state.
Remote Git pushes operate under the Git identity and repository permissions available in the user's environment.
"If you are working with a remote, push immediately."
Run it only where the agent is authorized to write, and prefer least-privilege Git credentials or protected branches.

Sensitive details placed in Codifica state or execution notes can persist in repository history and influence future agents.
The skill stores and reuses task memory across humans and agents in Git-tracked plain text.
"shared, persistent memory of tasks, decisions, and handoffs — stored as plain text in Git"
Do not put secrets or private data in Codifica files; review stored notes and limit repository access.
