Code 1.0.4
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You have less publisher/source assurance than you would with a fully traceable package, but there is no executable install path in the supplied artifacts.
The registry provenance is limited, and the registry version does not fully align with the 1.0.4 version shown in the skill files. Because there is no install spec or executable code, this is a provenance note rather than a material behavior concern.
Source: unknown ... Version: 1.0.0
Verify the registry listing and homepage if provenance matters for your environment.
Saved coding preferences may affect later coding tasks and will remain on disk until edited or deleted.
The skill creates persistent local context that can influence future coding behavior, though the artifacts clearly scope it to explicit user-provided preferences.
Read `~/code/memory.md` for user's stated preferences if it exists ... Only store what user explicitly asks to save.
Only ask it to remember non-sensitive preferences, and periodically review or delete ~/code/memory.md if those preferences should no longer apply.