Atris
v1.1.0Codebase intelligence — generates structured navigation maps with file:line references so agents stop re-scanning the same files every session. Use when exploring code, answering "where is X?", or onboarding to a new codebase.
⭐ 0· 1.3k·4 current·4 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill claims to produce a codebase navigation map and its instructions explicitly describe scanning the repo and writing atris/MAP.md — this is coherent. One inconsistency: the registry metadata supplied with the skill earlier listed no required binaries, but the SKILL.md declares a dependency on 'rg' (ripgrep). Requiring 'rg' is reasonable for the described function, but the metadata mismatch should be corrected.
Instruction Scope
SKILL.md confines actions to scanning the project tree with ripgrep, excluding common vendored and secrets files, and creating/updating atris/MAP.md. It does not instruct reading unrelated system files, environment variables, or sending data to external endpoints. It does instruct modifying the repository (creating atris/ and MAP.md), which is expected for this feature.
Install Mechanism
This is an instruction-only skill with no install spec (lowest install risk). The only runtime dependency is the 'rg' binary referenced in SKILL.md; no installers or remote downloads are present. Because there's no install step, ensure 'rg' is available in the agent environment or the agent will need to obtain it via out-of-band means.
Credentials
The skill requests no environment variables, credentials, or config paths. Its scope — reading repository files and writing a map file — matches the lack of credential requests.
Persistence & Privilege
The skill writes a persistent file (atris/MAP.md) into the project root and expects ongoing edits to that file. This is normal for a mapping tool but has privacy/commit implications (the map can contain file paths and line numbers). The skill does not request elevated system privileges or modify other skills' configs.
Assessment
What to consider before installing/using Atris:
- Behavior: Atris will scan your repository and create/modify atris/MAP.md in the project root. Review and agree to that file being added to the repo or add it to .gitignore if you don't want it committed.
- Dependency: SKILL.md requires the 'rg' (ripgrep) binary. Ensure the agent environment has ripgrep available; the registry metadata omits this requirement — expect to install ripgrep yourself if needed.
- Sensitive data: The instructions explicitly exclude .env, secrets, keys, etc., but always review the generated MAP.md before committing or sharing, since it records file paths and line references which could reveal sensitive structure.
- Scope and safety: The skill operates locally on repository files and does not exfiltrate data or request credentials. If you run the agent in a workspace that contains other projects or parent folders, confirm the scan scope so the map doesn't include unrelated files.
- Team policy: If multiple contributors access the repo, decide whether the map should be tracked in version control or kept local, and establish a review process for changes to MAP.md.
Overall: the skill is internally coherent and appropriate for its stated purpose; the only actionable inconsistency is the missing 'rg' requirement in the registry metadata and the fact it will write a persistent file you should review before committing.Like a lobster shell, security has layers — review code before you run it.
latestvk971z8e28w5a8g0j60pbnanm1580z39t
License
MIT-0
Free to use, modify, and redistribute. No attribution required.