php-pro
PassAudited by VirusTotal on May 4, 2026.
Overview
Type: OpenClaw Skill Name: ah-php-pro Version: 1.0.0 The skill bundle defines a persona for a senior PHP developer specializing in modern PHP 8.3+, Laravel, and Symfony. The instructions in SKILL.md focus on industry best practices, including PSR standards, strict typing, security scanning, and performance optimization. There is no evidence of malicious intent, data exfiltration, or harmful prompt injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may read and change files in the PHP project you ask it to work on.
The skill directs the agent to inspect project files and implement code changes. This is aligned with a PHP development skill, but it means the agent may modify a user’s codebase.
Review composer.json, autoloading setup, and PHP version requirements ... Implement solutions following PSR standards and modern PHP best practices
Use it in the intended repository, review generated changes before committing or deploying, and keep backups or version control enabled.
There is no clear credential-handling workflow in the supplied artifacts, but users should be cautious if the agent later requests tokens or secrets.
The provided metadata flags credential-related capability signals, while the declared requirements do not specify any credential, token, or environment variable. The SKILL.md appears to mention authentication as a development topic rather than instructing credential use.
Capability signals: requires-oauth-token; requires-sensitive-credentials ... Primary credential: none
Do not provide production credentials unless a task explicitly requires them; prefer test credentials and confirm why any token or secret is needed.