project-assistant
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a legitimate project-analysis helper, but it persists project knowledge and can store/display API-key-like configuration across sessions without clear masking or access controls.
Install only if you are comfortable with the skill reading your project and writing persistent .claude/config artifacts. Do not store secrets in its custom config, exclude or redact .env files, and review generated caches/docs before sharing or committing them.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
When invoked, the skill may inspect project files and create or update analysis artifacts such as caches and documents.
The skill instructs the agent to run local Python tools on the selected project directory. That is expected for project analysis, but users should know it grants local read/write influence over that project area.
python3 {baseDir}/scripts/detector.py "$PROJECT_DIR" ... python3 {baseDir}/scripts/utils/cache_manager.py <check|update|clear> "$PROJECT_DIR"Use it only on project directories you intend to analyze, and review generated .claude files before sharing or committing them.
A user who follows the example could persist secrets in config.json and later expose them through configuration display, including in shared or group-chat contexts described by the README.
The built-in help demonstrates storing an API-key-like value in plaintext custom configuration, and show_all returns the custom config without masking.
config_manager.py /path/to/skill set custom.api_key "xxx"
...
if config.get("custom"):
result["config"]["custom"] = config["custom"]Do not store API keys or tokens in this skill's custom config. The skill author should mask secret-looking values, use environment variables or a vault, and declare any optional credential handling clearly.
Private project details, incorrect answers, or sensitive discussion content may be retained in the project and reused later, even after the original chat context is gone.
The skill creates persistent project memory and Q&A caches that can be reused across later questions; the artifacts do not show an explicit approval or review step before this persistence.
.claude/ ├── project.md ├── index/ ├── docs/ └── qa_cache.json ... Q&A 缓存 - 相似问题自动匹配,有效期 7 天
Inspect and clean the .claude directory regularly, avoid committing generated caches/docs, and prefer an explicit confirmation step before saving Q&A content.
Environment secrets could be surfaced in answers or preserved in generated project documentation/cache if the analyzer reads file contents during a task.
The analyzer classifies .env-style files as key project configuration files. These often contain secrets, and the provided artifacts do not show redaction rules for values read from them.
'.env', '.env.local', '.env.development', '.env.production',
Exclude or redact .env files before using the skill on sensitive projects, and add documented secret-filtering behavior to the skill.