Meaningful-Code-Context-Scanner
PassAudited by ClawScan on May 8, 2026.
Overview
This appears to be a coherent hosted code-analysis API skill, but users should understand that it sends repository information/code-derived graphs to an external service and requires an API key.
Before installing, confirm you are comfortable sending the target repository or code-derived analysis to this hosted service, protect the CHUNKER_API_KEY like any API credential, and use self-hosting or avoid the skill for sensitive private code unless the provider's retention and privacy terms meet your requirements.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone installing the skill must provide an API key; if mishandled, that key could be used to consume the user's API quota or access their service account.
The skill requires a hosted-service API key, which is expected for this integration but gives the agent delegated access to the user's Chunker account quota.
All endpoints except `/health` and `/status` require an API key. ... Set your key as `CHUNKER_API_KEY` in your agent's environment.
Use a limited-purpose key, keep it out of logs and shared prompts, rotate it if exposed, and avoid using higher-privilege credentials than the skill needs.
Repository contents or code-derived metadata may be processed by an external service and reused for later queries in that scan/session.
The hosted service stores or derives reusable analysis context from code and can retain query context within a session. This is central to the skill, but users should consider confidentiality and retention for proprietary repositories.
scans any codebase once, builds a semantic graph of all components and their relationships ... Pass a `session_id` to maintain context across related queries. The system remembers what you asked recently
Use the skill only with repositories you are allowed to share with the service, review the provider's retention/privacy terms, and self-host for sensitive private code if appropriate.