Code
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: code Version: 1.0.4 The skill bundle is designed for a coding workflow, providing guidance and storing user preferences locally. All files consistently emphasize strict security boundaries: no automatic code execution, no network requests, and file system access limited to `~/code/memory.md` for user-explicit preferences. The `SKILL.md` explicitly states 'This skill NEVER: Executes code automatically, Makes network requests, Accesses files outside `~/code/` and the user's project'. There is no evidence of intentional harmful behavior, data exfiltration, or prompt injection attempts to bypass these controls.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Approved coding steps may modify files or run verification in the user’s project.
The skill is intended to guide implementation work that may change project files, but the artifact frames this as step-by-step and user-approved.
When user approves a step: 1. Execute that step 2. Verify it works 3. Report completion to user 4. Wait for user to approve next step
Use normal safeguards such as version control, reviewing diffs, and approving each step before changes are made.
Saved preferences may affect future coding sessions and could cause unwanted behavior if incorrect or overly broad preferences are stored.
The skill uses a persistent local memory file that can influence future coding behavior, though the artifacts scope it to explicit user-provided preferences.
Read `~/code/memory.md` for user's stated preferences if it exists... Only store what user explicitly asks to save.
Only save non-sensitive preferences intentionally, and review or delete ~/code/memory.md if preferences become outdated or incorrect.