code-doc-guid
v1.0.2Codebase navigation and documentation assistant. Helps AI locate code definitions, understand dependencies, and maintain documentation consistency. BLOCKING...
⭐ 0· 239·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description match the observed behavior: an on-disk SQLite-based code index, search, inspect, graph, and update commands. No unrelated environment variables, binaries, or external services are requested.
Instruction Scope
SKILL.md prescribes that the agent MUST run this skill before any code modification and after modifications. This is consistent with a code-indexing workflow, but it is prescriptive and enforces a blocking step that can affect agent flows. The instructions operate on project files and expect reading many files and generating .trae artifacts—this behaviour is within the stated purpose.
Install Mechanism
Instruction-only skill (no install spec). A Python script is bundled; no external downloads or package installs are requested.
Credentials
No environment variables, credentials, or unrelated config paths are requested. The script will create/modify local files (.trae/, codebase.db) and expects filesystem write access — that's proportionate to a local indexer.
Persistence & Privilege
Skill is not always-enabled and does not request elevated platform privileges. It writes to project-local paths (e.g., .trae/) and manages its own DB; that is normal for this type of tool. The skill can be invoked autonomously (platform default) but that is not unusual by itself.
Assessment
This skill appears to be a local code-indexer and its requirements align with that purpose. Before allowing it to run: 1) Review the full scripts/codebase_manager.py for any subprocess/network calls (the visible portion imports subprocess but the file was truncated in the supplied content). 2) Expect the skill to create/modify .trae/ and a local SQLite DB (codebase.db) in your project — back up any important files if concerned. 3) If you run it, prefer doing so in a sandbox or a copy of the repository first. 4) If you do not want a tool writing runtime artifacts to the repo, decline or run it with a separate working directory. If you want higher assurance, provide the remaining portion of scripts/codebase_manager.py so it can be fully audited (particularly to confirm no network exfiltration or arbitrary shell execution).Like a lobster shell, security has layers — review code before you run it.
latestvk97dh664fsphj0gddrnhac2qqh82f5x2
License
MIT-0
Free to use, modify, and redistribute. No attribution required.