Phantom Limb
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Note
High Confidence
ASI06: Memory and Context Poisoning
What this means
The agent may bring sensitive configuration values into the conversation context while performing the analysis.
Why it was flagged
The skill explicitly asks the agent to inspect environment and deployment configuration files, which may contain secrets or sensitive infrastructure details.
Skill content
Cross-reference every `process.env`, `os.environ`, `ENV[]` read against actual `.env`, `.env.example`, CI/CD configs, and deployment manifests.
Recommendation
Run it only on intended repositories, avoid including real secrets where possible, and instruct the agent to report variable names and file references without quoting secret values.
