Workspace Standard
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its workspace-organizing purpose, but its docs include broad git cleanup and push commands that could delete untracked files or publish private workspace notes unless reviewed.
Install only if you want this skill to organize and audit your local workspace. Before following its maintenance or undo commands, inspect `git status` and `git diff`, preview destructive cleanup with `git clean -fdn`, and do not let an agent push workspace memory to a remote repository without your explicit review.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user or agent follows the undo instructions in a workspace that has unrelated untracked files, those files could be permanently deleted.
`git clean -fd` deletes all untracked files and directories in the repository, not just files created by this skill, and the guidance does not include a dry-run or path scoping.
git checkout -- . git clean -fd
Use a preview first, such as `git clean -fdn`, and scope cleanup to known generated paths. Require explicit user confirmation before running destructive git commands.
Private workspace notes, logs, entity records, or unrelated local changes could be committed and pushed to a shared or public remote if the command is followed without review.
The checklist makes a broad add/commit/push part of maintenance. Because workspace memory may contain private notes, `git add -A` plus `git push` can propagate more information than intended to a remote repository.
git add -A git commit -m "Weekly workspace maintenance: consolidate, prune, update" git push
Add an explicit review step such as `git status`, `git diff`, and staged-file approval before commit, and do not push automatically without user confirmation.
The agent may retain and reuse private workspace facts across sessions, and stale or sensitive entries could influence later work.
The skill encourages persistent entity records that may contain personal, infrastructure, and decision context. This is central to the workspace-memory purpose, but users should treat it as sensitive.
People: Name, contact info, relationship, roles Servers: Hostname, IP, provider, purpose, SSH details Decisions: Date, context, what was decided, rationale
Avoid storing secrets or unnecessary personal data, review memory/entity files regularly, and be careful before syncing these files to remote repositories.
A user who installs scripts this way could receive changed code later if the upstream branch changes.
The README offers optional raw GitHub downloads from the moving `main` branch. This is user-directed and not part of an automatic install spec, but it is not pinned to an immutable version.
curl -O https://raw.githubusercontent.com/marcus-qen/workspace-standard/main/scripts/workspace-init.sh curl -O https://raw.githubusercontent.com/marcus-qen/workspace-standard/main/scripts/workspace-audit.sh
Prefer the reviewed ClawHub package or pin downloads to a specific commit and inspect scripts before execution.
Installing users should expect local shell execution and local workspace file changes when they run the helper scripts.
The skill relies on user-run bash scripts for initialization and auditing. The included scripts are visible and purpose-aligned, but they still execute local shell commands and create or inspect files.
bash skills/workspace-standard/scripts/workspace-init.sh bash skills/workspace-standard/scripts/workspace-audit.sh
Review the script contents and run them from the intended workspace path; avoid `--force` unless you intentionally want existing template files overwritten.