project-analyzer
Pass
Audited by ClawScan on May 6, 2026.
Overview
This instruction-only codebase analysis skill is coherent and non-mutating, but it will read/search project files and may run simple local counting commands.
This skill appears safe for normal codebase review. Before installing or invoking it, make sure you run it only against the intended project directory and avoid including files that contain secrets, credentials, or unrelated private data.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may run simple local commands in the project directory; while the documented examples are non-destructive, shell commands should still be reviewed if expanded.
The skill explicitly permits local shell command use, but only for read-only counting tasks that fit the project analysis purpose.
- **Bash**: Use `wc -l` to count lines, `find` to get file counts
Use the skill in the intended project folder and review any proposed Bash command before execution, especially if it goes beyond file or line counting.
Private codebase details or accidental secrets in project files could be included in the analysis context or final report.
The skill is expected to read project content into the agent context, including configuration and documentation files that may contain private details or untrusted instructions.
Use **Read** to examine key files:
- Package manifests ...
- Configuration files
- README and docs
Run it only on the intended repository, avoid including secret files, and treat repository text as untrusted evidence rather than instructions to follow.
