RepoMedic
Pass. Audited by ClawScan on May 1, 2026.
Overview
RepoMedic is a conservative dependency-fix skill that can change repository dependency files and run package-manager checks, with clear branch, approval, and scope guardrails.
Before installing, be comfortable letting it inspect and modify dependency-related files in the target repository. Keep its work on a branch, review the planned edits and final diff, use the least repository access needed, and require explicit approval for non-trivial, major-version, or high-risk dependency changes.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may change dependency-related files in the repository, which can affect builds or application behavior if merged.
The skill authorizes repository file edits and lockfile regeneration, which are expected for dependency remediation and are paired with scope and approval guardrails.
Default to **analyze + propose first** before changing files... Apply minimal file changes... Regenerate lockfile only when required
Review the proposed files and version changes, keep edits on a branch, and merge only after validation passes.

If granted repository write access, the agent could create branch commits or PR-ready changes.
The skill may use delegated repository permissions, including write access, but it limits that access to the target repository and non-default branches.
Required access (only when needed):
- Read access to the target repository
- Write access only on a non-default branch
Use least-privilege, repo-scoped access where possible and keep branch protections for main/master enabled.

Running these commands can install dependencies, modify lockfiles, or execute project scripts in the target repository.
Package-manager installs and project build/test/lint commands can execute local project or dependency scripts; this is central to the skill's purpose and is disclosed.
Package manager commands needed for dependency remediation (`pnpm`/`npm`/`yarn`)... Run build/test/lint where available
Run it only in the intended repository, inspect scripts for unfamiliar projects, and confirm validation commands before relying on results.
