SkillLens Audit
Pass
Audited by ClawScan on May 1, 2026.
Overview
The skill is coherent and purpose-aligned, but users should verify the external SkillLens CLI package and be deliberate about scan scope and optional auditor CLIs.
Before installing or using this skill, verify the SkillLens CLI package and avoid global installation unless necessary. Prefer scanning a specific skills directory rather than all configured roots, and only use Claude/Codex auditor options if you are comfortable with those tools processing the scanned skill contents.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running an unverified CLI package can execute code in the user's local environment.
The skill relies on an external package installed or run at use time, and the command does not pin a version. This is central to the skill's purpose, but users should verify the package provenance before running it.
- One-off run: `npx skilllens scan` (or `pnpm dlx skilllens scan`)
- Global install: `pnpm add -g skilllens`
Verify the SkillLens package source and version before use, prefer a pinned/trusted install path, and avoid global installation unless needed.
Local skill files or scan results may be processed by the selected auditor CLI, depending on how SkillLens implements that option.
The workflow supports handing audit work to Claude or Codex auditor CLIs. This is purpose-aligned, but the artifact does not describe the data boundaries for those optional auditor tools.
Run `skilllens scan [path] [--auditor claude|codex]`.
Use a specific scan path and select external auditors only when you are comfortable with their data handling and account context.
