Project Code Standard
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent code-quality skill, but users should verify the referenced local helper scripts/templates before running them and approve any automatic fixes.
This skill appears safe for normal linting and formatting workflows. Before installing or using it, confirm that any referenced scripts or templates actually come from a trusted source, run it on a version-controlled project, and only approve automatic fixes after checking the target path and expected changes.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may inspect project files and run local tooling to produce reports; users should expect workspace access during checks.
The skill instructs the agent to run local linting and formatting checks. This is purpose-aligned for code-standard validation, but it still means commands are run in the user's project environment.
ruff check . # code standards
ruff format --check . # format check
Run the skill only on projects you intend to inspect, and review proposed commands if the repository or tooling is untrusted.
A user or agent could accidentally run an unreviewed local script with the same path, or the command may simply fail because the helper files are absent.
The skill references helper scripts and asset templates, but the supplied manifest contains only SKILL.md and no scripts/assets. If followed literally, these paths may be missing or may resolve to files outside the reviewed skill package.
python scripts/check_python.py <target_path> --output markdown
Verify the source and contents of any referenced scripts or templates before running or copying them; prefer known installed linters such as ruff, black, eslint, or prettier when helper files are not provided.
Approved auto-fixes may change multiple source files or configuration files across a project.
The skill acknowledges that automatic repair can modify files and requires confirmation before doing so. This control keeps the behavior purpose-aligned, but bulk formatting can still affect many files once approved.
User confirmation **must** be obtained before automatic fixes; do not modify files directly
Use version control, review diffs after auto-fixes, and avoid approving broad fixes unless the target path is clear.
