php-pro
AdvisoryAudited by Static analysis on May 4, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may read and change files in the PHP project you ask it to work on.
The skill directs the agent to inspect project files and implement code changes. This is aligned with a PHP development skill, but it means the agent may modify a user’s codebase.
Review composer.json, autoloading setup, and PHP version requirements ... Implement solutions following PSR standards and modern PHP best practices
Use it in the intended repository, review generated changes before committing or deploying, and keep backups or version control enabled.
There is no clear credential-handling workflow in the supplied artifacts, but users should be cautious if the agent later requests tokens or secrets.
The provided metadata flags credential-related capability signals, while the declared requirements do not specify any credential, token, or environment variable. The SKILL.md appears to mention authentication as a development topic rather than instructing credential use.
Capability signals: requires-oauth-token; requires-sensitive-credentials ... Primary credential: none
Do not provide production credentials unless a task explicitly requires them; prefer test credentials and confirm why any token or secret is needed.