Serena
Pass
Audited by ClawScan on May 13, 2026.
Overview
This instruction-only skill gives coherent guidance for using Serena code-navigation and editing tools, with disclosed but powerful edit and shell escape-hatch capabilities.
This skill appears safe to install as an instruction-only workflow helper. It is meant for existing codebases and can guide an agent to edit files or, in limited cases, run shell commands through Serena, so use it in trusted repositories and review proposed diffs or commands before high-impact changes.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may change code files in the active project when using this skill.
These tools can modify a user's repository, including broader file changes, but this is directly aligned with the skill's stated code-editing purpose and is paired with narrow-edit guidance.
Prefer semantic edits when changing existing code: `serena_replace_symbol_body`, `serena_insert_before_symbol`, `serena_insert_after_symbol`, `serena_rename_symbol` ... Use broader edit tools only when symbol-scoped tools are not a good fit: `serena_replace_content`, `serena_create_text_file`.
Use it in repositories where you are comfortable allowing edits, and ask the agent to show diffs or confirm before broad changes.

If allowed, the agent could run project-context shell commands that may execute code or change files.
The skill acknowledges a shell-execution capability, which can be powerful, but it explicitly limits it to an advanced escape hatch rather than routine use.
Use `serena_execute_shell_command` only as an advanced escape hatch when project-context shell execution is genuinely the right tool.
Only permit shell execution for necessary, understandable commands such as tests or inspections, and require confirmation for destructive or environment-changing commands.

The agent may be able to access Serena capabilities beyond the named workflow tools if the host environment exposes them.
A raw passthrough tool can potentially expose less-scoped Serena capabilities, but the artifact frames it as a fallback when normalized tools are insufficient.
Use `serena_call_tool` only when the normalized surface does not cover the needed Serena capability.
Prefer the named Serena tools and use passthrough only for clearly justified actions in a trusted project.
