Semantic Code Search
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: semantic-code-search
Version: 1.0.0
The skill implements a local semantic code search engine using Python's AST module and a custom TF-IDF vectorizer. Analysis of scripts/code_search.py and SKILL.md shows no network activity, no data exfiltration, and no use of dangerous execution functions like eval or os.system. The code is well-structured and strictly follows its stated purpose of indexing and searching local codebases without any evidence of malicious intent or prompt injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The local index may contain proprietary code, comments, or secrets accidentally present in source files.
The save method writes extracted source code and docstrings into a local JSON index, and the CLI index command saves that index as .code_index.json.
"docstring": f.docstring, "code": f.code, ... Path(path).write_text(json.dumps(data, indent=2))
Run it only on codebases you intend to index, keep .code_index.json out of commits and shared folders, and delete the index when it is no longer needed.
The documented commands may not work as written, and the user may need to resolve the correct file path or install a missing CLI dependency.
The documented CLI path references scripts/search.py, but the provided manifest contains scripts/code_search.py instead. The included code also imports click for CLI use without an install specification.
python3 scripts/search.py index /path/to/codebase
Verify the intended entrypoint before running commands and install only expected dependencies from trusted package sources.
