Amp Code
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A normal coding request could lead to broad file changes or command execution in the project before the user reviews each step.
The skill recommends handing a whole codebase to another autonomous agent in non-interactive mode while bypassing confirmation prompts.
Amp can read, write, refactor, and test code across an entire codebase without supervision... --dangerously-allow-all ... -x
Use only with explicit user approval, in a clean git branch or sandbox. Consider removing --dangerously-allow-all by default, requiring confirmations for risky actions, and reviewing diffs/tests before accepting changes.
If the installed amp binary is unexpected, outdated, or tampered with, it would receive the same broad authority granted by the skill.
The skill depends on an external local amp binary, but the provided artifacts do not pin, install, or verify that dependency.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill; Required binaries: amp
Install Amp only from a trusted Sourcegraph source, verify the binary path and version before use, and avoid running this skill with unknown local amp installations.
Task details, code snippets, and prior tool context may persist in Amp thread history and influence later continuations.
The workflow creates reusable thread history containing messages and tool activity that can be continued later.
To see the full thread as markdown (all messages, tool calls, etc.)... To continue a thread... Thread IDs are UUIDs. Save them if you want to audit or continue work later.
Treat thread IDs and thread history as sensitive, review old threads before continuing them, and start fresh threads for unrelated or sensitive work.
