Skill Audit
ReviewAudited by ClawScan on May 10, 2026.
Overview
Prompt-injection indicators were detected in the submitted artifacts (ignore-previous-instructions); human review is required before treating this skill as clean.
This appears reasonable to use for its stated purpose if you run it on repositories you intentionally want audited. Use a least-privilege GitHub token only if needed, review generated reports before sending them to a model or third party, and do not point --target-repo at broad private directories. ClawScan detected prompt-injection indicators (ignore-previous-instructions), so this skill requires review even though the model response was benign.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Users may need to understand how the packaged CLI is installed or invoked, and should not assume there is no executable code just because there is no install spec.
The metadata presents the skill as instruction-only while the artifact set includes runnable Python package files and documented CLI commands. This is a setup/provenance clarity note, but no automatic install or hidden helper execution is shown.
Install specifications: No install spec — this is an instruction-only skill. Code file presence: 28 code file(s)
Treat it as a Python CLI skill, review the package source before use, and prefer a clear pinned install path or local wrapper invocation.
Using the skill can execute local helper commands such as git, though the provided evidence does not show execution of target-repository code.
The skill runs a local git command to collect commit metadata. It uses an argument vector rather than shell=True and is aligned with repository auditing.
subprocess.run(["git", "-C", str(target_repo), "rev-parse", "HEAD"], check=True, capture_output=True, text=True)
Run it in a normal least-privilege environment and only point it at repositories you intend to audit.
A GitHub token, if provided, may be used for GitHub API requests, and repository origin information may be sent to GitHub.
The skill may use a GitHub token and contact GitHub for repository reputation checks. This is disclosed and purpose-aligned, with no evidence of credential logging or unrelated use.
Optional enhancement: `GITHUB_TOKEN` for higher GitHub API rate limits ... `evaluate` always attempts the GitHub OSINT precheck first when the target repository has a GitHub `origin`
Use a low-scope token only if needed for rate limits, and avoid scanning private repositories unless this GitHub lookup is acceptable.
Scan outputs or prompt payloads can contain snippets from local repository files, which may include private code or secrets.
The scanner recursively reads text files under the user-supplied target repository so it can produce findings and prompt payloads. This is core to the stated purpose, but scanned code or secrets may appear in reports.
for dirpath, dirnames, filenames in os.walk(target_repo): ... text = abs_path.read_text(encoding="utf-8")
Review generated JSON/prompt output before sharing it with external systems, and avoid scanning directories broader than the intended repository.