Copilot
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Saved context can make the assistant more useful, but stale or sensitive entries may shape later answers or expose private details to anyone with access to the local files.
The skill intentionally creates persistent local memory that will influence future responses and may contain sensitive work context, decisions, preferences, or project history.
Store context in `~/copilot/` ... active, priorities, decisions, patterns ... On EVERY activation: Read active first.
Review the ~/copilot/ files periodically, avoid storing secrets, correct stale information, and delete the folder if you no longer want persistent memory.
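A practical way to carry out that periodic review is to script it. The following is an added example written for this advisory, not code from the Copilot skill or from ClawScan: it walks a memory folder such as `~/copilot/`, and reports files readable by other local users, lines that look like secrets, and files not written to in a while (stale context). The pattern list, the 30-day threshold, and the sample files in `build_sample_dir` are assumptions chosen for illustration; the staleness check uses the file mtime only, so a file that was rewritten without being reviewed still looks fresh.

```python
"""Hygiene check for an assistant's persistent memory directory.

Added example, not part of the audited skill. Scans a directory such as
~/copilot/ for three things the advisory warns about: files readable by
other local users, entries that look like secrets, and files that have
not been touched for a long time (stale context). Pattern list, age
threshold and sample files are assumptions for illustration.
"""
import os
import re
import stat
import tempfile
import time
from pathlib import Path

# Secret-looking patterns. Illustrative set; extend for your environment.
SECRET_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "bearer_token": re.compile(r"\b[Bb]earer\s+[A-Za-z0-9._~+/-]{20,}=*"),
    "credential_assignment": re.compile(
        r"(?i)\b(password|passwd|secret|api[_-]?key|token)\s*[:=]\s*\S{8,}"
    ),
}

OTHERS_READ = stat.S_IRGRP | stat.S_IROTH


def find_secrets(text):
    """Return [(line_number, pattern_name)] for every secret-like line."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, pattern in SECRET_PATTERNS.items():
            if pattern.search(line):
                hits.append((lineno, name))
    return hits


def audit_memory_dir(root, max_age_days=30, now=None):
    """Walk `root` and return a list of findings as dicts.

    kind is one of: readable_by_others, stale, secret:<pattern_name>.
    Staleness is judged by mtime only, so a file rewritten without being
    reviewed still looks fresh; treat it as a prompt to review, not proof.
    """
    now = time.time() if now is None else now
    root = Path(root)
    findings = []
    if not root.is_dir():
        return findings
    dir_mode = stat.S_IMODE(root.stat().st_mode)
    if dir_mode & OTHERS_READ:
        findings.append({"file": str(root), "kind": "readable_by_others",
                         "detail": oct(dir_mode)})
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        st = path.stat()
        mode = stat.S_IMODE(st.st_mode)
        if mode & OTHERS_READ:
            findings.append({"file": str(path), "kind": "readable_by_others",
                             "detail": oct(mode)})
        age_days = (now - st.st_mtime) / 86400
        if age_days > max_age_days:
            findings.append({"file": str(path), "kind": "stale",
                             "detail": f"{age_days:.0f} days since last write"})
        for lineno, name in find_secrets(path.read_text(errors="replace")):
            findings.append({"file": str(path), "kind": f"secret:{name}",
                             "detail": f"line {lineno}"})
    return findings


def build_sample_dir(now):
    """Constructed sample memory folder (not real user data) for a dry run."""
    day = 86400
    root = Path(tempfile.mkdtemp(prefix="copilot-audit-"))
    files = {
        "active.md": ("# Active\nWorking on auth-service rollout\n", 0o600, now - day),
        "decisions.md": ("# Decisions\nUse staging before prod\n"
                         "DB password: hunter2hunter2\n", 0o644, now - day),
        # AKIAIOSFODNN7EXAMPLE is the placeholder key from AWS documentation.
        "patterns.md": ("Notes: AKIAIOSFODNN7EXAMPLE\n", 0o600, now - 90 * day),
    }
    for name, (text, mode, mtime) in files.items():
        path = root / name
        path.write_text(text)
        os.chmod(path, mode)
        os.utime(path, (mtime, mtime))
    os.chmod(root, 0o700)
    return root


if __name__ == "__main__":
    now = time.time()
    sample = build_sample_dir(now)
    for f in audit_memory_dir(sample, max_age_days=30, now=now):
        print(f"{f['kind']:32} {Path(f['file']).name:14} {f['detail']}")
```

Run it against the real folder with `audit_memory_dir(Path.home() / "copilot")`; a `readable_by_others` hit is the one to fix first, since it turns every other finding into something any local account can read. Pattern hits are a review queue, not a verdict: move genuine credentials out of the memory files into whatever secret store the tooling already uses, and either refresh or delete stale entries so they stop shaping later answers.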
When invoked, the assistant may inspect terminal output, run tests, or monitor deployment-related systems, which could reveal sensitive logs or consume local resources.
The skill documents user-invoked local/devops actions. They are purpose-aligned and include confirmation boundaries, but they can still read development output or run commands.
`/debug` — Read recent terminal errors, suggest causes; `/test` — Run test suite, summarize results; `/deploy:watch {url}` — Monitor pipeline, alert on failure ... Production operations: explicit confirm; Never touch credentials autonomously
Use these commands deliberately, require confirmation for non-read or production actions, and do not allow the skill to handle credentials or secrets.
The assistant may read its local state and prompt you during heartbeat or configured scheduled tasks rather than only after direct messages.
The skill relies on periodic and scheduled activations for proactive assistance. This is disclosed and aligned with the purpose, not hidden persistence.
You activate on: User message — they write, you respond; Heartbeat — ~30 min polling; Cron — scheduled tasks
Configure heartbeat and cron behavior intentionally, use `/pause` when you do not want interruptions, and verify any scheduled tasks before enabling them.
The assistant may sound more certain about your current context than it really is, especially if saved state is outdated.
The skill encourages a confident continuity style even though it acknowledges the agent does not continuously observe user activity.
A true copilot sees everything in real-time. You can't. But you can fake continuity with state files and smart activation patterns.
Treat proactive context as an inference, not proof; ask the assistant to cite the state it used when accuracy matters.
