Write Coding Standards from File
PassAudited by ClawScan on May 12, 2026.
Overview
No suspicious behavior is evident; the skill reads user-selected project files to draft coding standards and includes safeguards around secrets, persistence, and source edits.
This looks safe to install as an instruction-only helper, but use narrow file or folder inputs and review any generated file changes. Avoid passing secrets or private unrelated directories. Confidence is medium because the displayed SKILL.md content is truncated, so this assessment is based on the visible artifact text and provided scan metadata.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may add or modify project documentation, and source edits are intended to happen only after explicit confirmation.
The skill may create a new standards file and can optionally edit README/source files, but the defaults avoid source rewrites and require explicit approval for source edits.
* createNewFile = true; ... * addToREADME = false; ... * fixInconsistencies = false; ... * requireEditConfirmation = true;
Review the target file path and any proposed diff before accepting changes, especially when using addToREADME or fixInconsistencies.
Project code style and structure may be processed in the agent context during analysis.
The skill processes local source content, which may be private, while also instructing the agent to scope analysis narrowly, exclude sensitive paths, and avoid persistent storage.
analyze only the explicitly provided file paths or a narrowly scoped folder. Exclude secrets, private data, environment files, generated output, dependency folders, and unrelated directories by default. Aggregate style observations in temporary working memory instead of copying full source into persistent storage
Pass only the specific files or narrow folders needed, and do not include secrets, environment files, dependency folders, or unrelated private directories.
If a remote style URL is used, its contents could influence the generated standards.
A visible configuration option suggests the skill may retrieve external style-guide content; remote content can be untrusted, though the provided artifact does not show it being treated as authoritative or used unsafely.
* fetchStyleURL = true;
Use only trusted style-guide URLs and treat fetched content as reference material, not as instructions that override the user's request.