Repo Explorer
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you point it at a private repository, code and documentation from that repository may be read into the assistant session.
The skill depends on an MCP server to fetch and search repository contents. This is expected for the stated Gitee repository exploration purpose, but it means repository data, potentially including private code, is handled through the configured MCP connection and agent context.
Requires Gitee MCP Server to be configured (tools: `get_file_content`, `search_files_by_content`, `list_user_repos`)
Use it only with Gitee MCP configurations and repositories you trust, and avoid asking it to inspect files that may contain secrets unless necessary.
The assistant may prefer a locally installed helper if available; the safety of that helper depends on what is installed on your system.
The skill references an optional local helper CLI that is not part of the install spec. The artifact does not instruct installation or hidden execution, so this is only a provenance/operational note.
If you have `mcporter` installed locally, you should use `mcporter` to invoke the MCP tool instead of directly calling the MCP tool.
Only allow use of `mcporter` if it is installed from a trusted source and you understand how it connects to your MCP tools.