Atris
PassAudited by ClawScan on May 1, 2026.
Overview
Atris is a transparent code-navigation skill that locally scans a repository and writes a persistent map, with minor notes about repo-file changes, persistent context, and an under-declared ripgrep dependency.
This skill appears safe for its stated purpose. Install it if you are comfortable with an agent scanning the current repository and adding or updating atris/MAP.md. Review that file before committing or sharing it, keep secrets out of the map, and make sure ripgrep (`rg`) is installed.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may add or modify atris/MAP.md in a repository.
The skill instructs the agent to run local repository searches and create or update a file in the project. This is expected for a code-navigation skill, but it is still a local file mutation users should be aware of.
If `atris/MAP.md` doesn't exist... Create `atris/` folder in the project root ... Scan the codebase ... Write the result to `atris/MAP.md`
Review atris/MAP.md before committing or sharing it, and ask the agent to confirm before creating or regenerating the map if you want tighter control.
The skill may not work as expected unless ripgrep is available, despite the registry not declaring that requirement.
The skill declares a ripgrep dependency in SKILL.md, while the provided registry requirements say no binaries are required. This is an under-declared dependency rather than evidence of malicious behavior.
requires:
bins:
- rgEnsure `rg`/ripgrep is installed before use, and treat the registry metadata as incomplete for this dependency.
Future code exploration may rely on whatever is stored in atris/MAP.md, including outdated or inaccurate entries.
The skill creates persistent context that future agents are expected to trust for navigation. That is central to the purpose, but a stale or manually altered map could misdirect later work.
Before searching for anything in the codebase: 1. Read `atris/MAP.md` ... Found your keyword → go directly ... The map gets smarter every time you use it. Never let a discovery go unrecorded.
Keep the map reviewed and current, regenerate it when it is stale, and avoid storing secrets or sensitive implementation details you would not want committed or shared.