Code QC
Pass
Audited by ClawScan on May 1, 2026.
Overview
Code QC is a coherent code-audit skill, but it intentionally runs project tools/code and can optionally modify files, so use it in a clean, reviewable workspace.
Install if you want an agent to run structured code quality checks. For unfamiliar repositories, run it in an isolated environment, keep a clean git branch, review any generated reports or baselines, and use `--fix` only when you are ready to inspect automatic code changes.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Auditing an unfamiliar project could execute that project's import-time code.
The import-check helper intentionally imports project modules, which can run module-level code. This is expected for import integrity checks, but it matters for untrusted codebases.
importlib.import_module(modname)
Run QC on unfamiliar repositories in an isolated environment and review project startup/import behavior before trusting results.
Project tests or package scripts may change local state or depend on the user's environment.
The skill directs the agent to run project test tooling. That is central to the QC purpose, but test commands can execute project-defined code and scripts.
Run existing tests + coverage | pytest --cov / jest --coverage
Use a clean git working tree or sandbox for projects you do not fully trust, and inspect project scripts before running a full audit.
If fix mode is used, source files may be changed automatically.
The skill includes a fix mode that can modify source files via formatters/linters. The artifacts present it as an explicit mode, not a hidden default.
`--fix` | 3 with autofix | Apply automatic fixes
Only use fix mode when intended, keep changes under version control, and review diffs before committing.
Installing latest external tooling may produce different behavior over time or pull packages from public registries.
The references recommend installing external QC tools. This is normal for a code-audit skill, but the install examples are unpinned and user-directed.
Install if needed: `pip install ruff`
Prefer project-managed, pinned, or already-installed tooling when possible.
Baseline files may preserve project paths, metrics, or issue summaries for later reuse.
The skill indicates it may persist QC baseline information for later comparisons. This is purpose-aligned, but users should know audit results may be retained.
Save baseline for future comparison
Store baselines only where intended and avoid including sensitive project details in shared reports.
