Wjs Auditing Project
PassAudited by ClawScan on May 13, 2026.
Overview
This instruction-only skill is coherent for auditing an iOS/GitHub project, but users should expect it to run local and GitHub read-only checks and inspect scoped app/project logs.
Install/use this only if you want an agent to inspect the current project, GitHub PRs/actions, release state, TODO/roadmap files, and Cathier-related local logs. Check that you are in the right repository and logged into the right GitHub account, then review the checklist before approving any changes.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may immediately inspect repository state, branches, PRs, CI runs, local app logs, and project files as part of the audit.
The skill deliberately initiates a broad set of shell-based project checks once invoked. This is aligned with the audit purpose, but users should know it will run multiple local/network commands without per-command approval.
Run all the read-only checks in one message with parallel Bash calls. Don't ask the user which to run; run them all.
Invoke it only from the intended project directory, and review the resulting checklist before approving any fix, merge, push, tag, or release action.
Repository metadata and CI failure logs from the GitHub account currently logged into `gh` may be shown to the agent.
The GitHub CLI normally uses the user's authenticated GitHub identity to read repository PR and Actions data. The access is purpose-aligned and read-only in the shown instructions.
`gh pr list --state open --json number,title,isDraft,mergeable,mergeStateStatus,updatedAt,author,headRefName` ... `gh run view <id> --log-failed | tail -100`
Before use, confirm `gh` is authenticated to the intended account and repository, especially if you have access to multiple organizations.
Private project plans, file paths, source TODOs, and recent app error details may appear in the audit output.
The skill pulls project planning files and recent app runtime log excerpts into the agent's working context. This is relevant to the audit, but those files/logs may contain private project or user details.
Read `TODOS.md`, `CHANGELOG.md`, `APP_STORE_SUBMISSION_GUIDE.md`, `ROADMAP.md`, `docs/plan*.md` ... `log show --predicate 'process == "Cathier"' --last 1d`
Use it only on projects and logs you are comfortable sharing with the agent, and redact sensitive log output before broader sharing.