Wjs Auditing Project
Pass
Audited by VirusTotal on May 13, 2026.
Overview
Type: OpenClaw Skill
Name: wjs-auditing-project
Version: 0.1.0
The skill is a comprehensive project auditing tool designed for an iOS development environment (specifically the 'Cathier' app). It performs read-only investigations of Git state, GitHub PRs/Actions, and local system logs to identify stalled work or plan drift, requiring explicit user confirmation before performing any corrective actions like merging or pushing code. The instructions in SKILL.md emphasize a strict two-phase workflow and include safety constraints against destructive actions, such as force-pushing or autonomous App Store submissions.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may immediately inspect repository state, branches, PRs, CI runs, local app logs, and project files as part of the audit.
The skill deliberately initiates a broad set of shell-based project checks once invoked. This is aligned with the audit purpose, but users should know it will run multiple local/network commands without per-command approval.
Run all the read-only checks in one message with parallel Bash calls. Don't ask the user which to run; run them all.
Invoke it only from the intended project directory, and review the resulting checklist before approving any fix, merge, push, tag, or release action.
Repository metadata and CI failure logs from the GitHub account currently logged into `gh` may be shown to the agent.
The GitHub CLI normally uses the user's authenticated GitHub identity to read repository PR and Actions data. The access is purpose-aligned and read-only in the shown instructions.
`gh pr list --state open --json number,title,isDraft,mergeable,mergeStateStatus,updatedAt,author,headRefName` ... `gh run view <id> --log-failed | tail -100`
Before use, confirm `gh` is authenticated to the intended account and repository, especially if you have access to multiple organizations.
Private project plans, file paths, source TODOs, and recent app error details may appear in the audit output.
The skill pulls project planning files and recent app runtime log excerpts into the agent's working context. This is relevant to the audit, but those files/logs may contain private project or user details.
Read `TODOS.md`, `CHANGELOG.md`, `APP_STORE_SUBMISSION_GUIDE.md`, `ROADMAP.md`, `docs/plan*.md` ... `log show --predicate 'process == "Cathier"' --last 1d`
Use it only on projects and logs you are comfortable sharing with the agent, and redact sensitive log output before broader sharing.
