Project Analyzer

Pass

Audited by ClawScan on May 2, 2026.

Overview

This appears to be a straightforward local project analyzer, but it will read project files and return summaries or snippets to the agent.

This skill looks coherent and purpose-aligned. Before installing or running it, choose a specific project directory and avoid folders containing secrets, credentials, or unrelated private files; review the generated report before sharing it elsewhere.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill runs local code against the selected project directory.

Why it was flagged

The skill instructs the agent to execute a local Python script. This is expected and central to the stated purpose, but users should know local code will run.

Skill content

Run the scout script using the `exec` tool:

python3 {baseDir}/scout.py --path <DIRECTORY>

Recommendation

Use the skill only from a trusted installation and point it at the specific directory you want analyzed.

What this means

Project details, config snippets, or source samples may appear in the generated report.

Why it was flagged

The skill collects project file contents and metadata so the agent can summarize them. This is purpose-aligned, but it may place private project snippets into the agent context.

Skill content

Reads key files: `README.md`, `package.json`, `pyproject.toml`, `Dockerfile`, source files, configs

Recommendation

Run it on scoped project folders and avoid directories containing secrets, production credentials, or unrelated private documents.

What this means

A user may underestimate how much project information is exposed to the agent during summarization.

Why it was flagged

The visible script appears local-only, but the privacy wording is broad; users should still recognize that the report is returned to the agent/chat context.

Skill content

Returns all of this to the agent, which formats a clear report for your chat channel

Everything runs locally — no data leaves your machine.

Recommendation

Interpret the claim as meaning that the script shows no evidence of direct network behavior, not as a guarantee that sensitive project text will never enter an agent or chat context.