architect-review
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: architect-review
Version: 1.0.0
The 'architect-review' skill bundle is a well-structured tool designed to analyze project architecture and generate evaluation reports. The instructions in SKILL.md define a clear, multi-phase workflow for scanning project structures, comparing code against specifications (OpenSpec), and performing dimension-based scoring (e.g., security, scalability) without modifying source code or executing arbitrary commands. There is no evidence of data exfiltration, malicious persistence, or harmful prompt injection; the behavior is entirely consistent with its stated purpose of architectural analysis.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may inspect source files, specs, and security-related design files in the project to prepare the report.
The skill asks the agent to inspect project files, including architecture and security-related areas. This is expected for architecture review, but users should know it may read sensitive project structure or security design information.
For EACH dimension... Read relevant project files for this dimension: ... Security → auth, trust boundaries, secrets handling
Use it only in projects you are comfortable having reviewed by the agent/model, and avoid keeping real secrets in source files.
If the report is saved or shared, future agents may use its embedded metadata and issue locations.
The report template intentionally creates machine-readable metadata for future agents. This is purpose-aligned, but persistent report metadata and file paths could influence later automation.
At the END of the report file, include a hidden metadata block for downstream agents... This metadata enables a separate fix agent to: Parse the report programmatically; Navigate directly to problem locations
Review generated reports, including hidden or machine-readable sections, before sharing them or using them to drive automated fixes.
If you request parallel/subagent mode, project summaries, requirements, and relevant file paths may be passed to other agents or models.
The skill can send review context to subagents in an explicitly requested parallel mode. The opt-in requirement is a good boundary, but project context may still be shared across agent/model boundaries.
Optional: Parallel (subagents) - Only use Task tool if the user explicitly says "并发" / "parallel" / "用子 agent".
Use the default sequential mode for highly sensitive projects unless you are comfortable with subagent/model sharing.
You have less external provenance to verify who maintains the skill, but the supplied artifacts do not show executable code or install-time behavior.
The skill has limited provenance information, although there is no executable install mechanism or code package shown.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Install only if you trust the publisher or have reviewed the installed instruction files yourself.
