validation-agent
Advisory
Audited by Static analysis on May 7, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used on an untrusted project, local tests or scripts could run code from that project on the user's machine.
The skill explicitly asks the agent to run project test commands. This is central to validation, but test commands can execute repository-controlled code.
Run Test Suite (using Bash): npm test; pytest; go test ./...; cargo test
Use this skill on trusted repositories or in a sandboxed environment when validating unfamiliar code.
The agent may read and summarize sensitive project content, including accidentally committed secrets, while performing validation.
The skill uses broad read and search tools across the project workspace. This is expected for code validation, but it means the agent may inspect many project files.
Use Glob to find all modified files ... Review Modified Files (using Read) ... Search for Anti-Patterns (using Grep)
Review the generated validation report before sharing it externally, especially if the repository may contain secrets or private code.
