Write Coding Standards from File

Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: write-coding-standards-from-file
Version: 1.0.1

The skill is designed to automate the creation of coding standards by analyzing local source files and fetching external style guides. It includes several security-conscious configurations, such as a robust list of excluded sensitive paths (e.g., .env, secrets, keys) in 'excludedPathGlobs', a requirement for explicit user confirmation and diff review before any file modifications, and instructions to delete temporary analysis files. The external URLs used in the '#fetch' commands are restricted to reputable documentation sites (e.g., Google, Microsoft, GitHub) and no evidence of malicious intent or data exfiltration was found in SKILL.md.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill may add or modify project documentation, and source edits are intended to happen only after explicit confirmation.

Why it was flagged

The skill may create a new standards file and can optionally edit README/source files, but the defaults avoid source rewrites and require explicit approval for source edits.

Skill content

* createNewFile = true; ...
* addToREADME = false; ...
* fixInconsistencies = false; ...
* requireEditConfirmation = true;

Recommendation

Review the target file path and any proposed diff before accepting changes, especially when using addToREADME or fixInconsistencies.

What this means

Project code style and structure may be processed in the agent context during analysis.

Why it was flagged

The skill processes local source content, which may be private, while also instructing the agent to scope analysis narrowly, exclude sensitive paths, and avoid persistent storage.

Skill content

analyze only the explicitly provided file paths or a narrowly scoped folder. Exclude secrets, private data, environment files, generated output, dependency folders, and unrelated directories by default. Aggregate style observations in temporary working memory instead of copying full source into persistent storage

Recommendation

Pass only the specific files or narrow folders needed, and do not include secrets, environment files, dependency folders, or unrelated private directories.

Note (Medium Confidence)

ASI01: Agent Goal Hijack

What this means

If a remote style URL is used, its contents could influence the generated standards.

Why it was flagged

A visible configuration option suggests the skill may retrieve external style-guide content; remote content can be untrusted, though the provided artifact does not show it being treated as authoritative or used unsafely.

Skill content

* fetchStyleURL = true;

Recommendation

Use only trusted style-guide URLs and treat fetched content as reference material, not as instructions that override the user's request.