php-pro
PassAudited by ClawScan on May 4, 2026.
Overview
This appears to be a normal instruction-only PHP coding skill, though users should remember it may inspect and change project code and its credential capability signals are not clearly explained.
This skill looks suitable for PHP development assistance. Before installing or using it, make sure it is invoked only on projects you intend to edit, review all code changes before committing, and avoid sharing real secrets or production credentials unless a specific, trusted workflow requires them.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may read and change files in the PHP project you ask it to work on.
The skill directs the agent to inspect project files and implement code changes. This is aligned with a PHP development skill, but it means the agent may modify a user’s codebase.
Review composer.json, autoloading setup, and PHP version requirements ... Implement solutions following PSR standards and modern PHP best practices
Use it in the intended repository, review generated changes before committing or deploying, and keep backups or version control enabled.
There is no clear credential-handling workflow in the supplied artifacts, but users should be cautious if the agent later requests tokens or secrets.
The provided metadata flags credential-related capability signals, while the declared requirements do not specify any credential, token, or environment variable. The SKILL.md appears to mention authentication as a development topic rather than instructing credential use.
Capability signals: requires-oauth-token; requires-sensitive-credentials ... Primary credential: none
Do not provide production credentials unless a task explicitly requires them; prefer test credentials and confirm why any token or secret is needed.