Phantom Limb
Pass
Audited by ClawScan on May 1, 2026.
Overview
This instruction-only code-analysis skill is generally coherent, but it may read sensitive project configuration files while checking for stale dependencies.
This skill appears suitable for static code diagnostics, but use it on a repository you intend to analyze and be careful with real .env, CI/CD, and deployment files. Ask the agent to avoid printing secrets and to summarize findings by file, variable, or configuration key rather than revealing sensitive values.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may bring sensitive configuration values into the conversation context while performing the analysis.
The skill explicitly asks the agent to inspect environment and deployment configuration files, which may contain secrets or sensitive infrastructure details.
Cross-reference every `process.env`, `os.environ`, `ENV[]` read against actual `.env`, `.env.example`, CI/CD configs, and deployment manifests.
Run it only on intended repositories, avoid including real secrets where possible, and instruct the agent to report variable names and file references without quoting secret values.
