Wip Repo Init

Pass

Audited by ClawScan on May 1, 2026.

Overview

This skill appears to be a straightforward local scaffolding tool that creates or reorganizes an ai/ folder, with no evidence of hidden network access, credential use, or destructive behavior.

This looks safe for its stated purpose. Before installing or running it, confirm the target repository, try --dry-run first, avoid --yes unless you are confident, and do not rely on the generated templates as proof that ai/ is private or excluded from publication.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If run on the wrong path, especially with --yes, it can reorganize an existing ai/ folder in that repository.

Why it was flagged

The CLI acts on a user-supplied or current directory, can skip confirmation with --yes, and renames an existing ai/ folder before scaffolding the new structure.

Skill content

const targetRepo = resolve(process.argv[2] || process.cwd());
...
const forceYes = process.argv.includes('--yes') || process.argv.includes('-y');
...
renameSync(aiDir, tmpOld);

Recommendation

Run with --dry-run first, verify the target path, and avoid --yes unless you are sure the repo is correct and backed up or under version control.

What this means

Internal notes, plans, logs, or discarded drafts placed there may remain in the repo and be read by future humans or agents.

Why it was flagged

The generated ai/ folder is intended to become persistent project context and encourages retaining rather than deleting files.

Skill content

Plans, notes, ideas, dev updates, todos. Everything that isn't code lives here. ... **Never delete anything.** Move to `_trash/`

Recommendation

Do not store secrets or sensitive conversation logs there unless the repo and retention policy are appropriate; periodically review archived _trash content.

What this means

A user might incorrectly assume the ai/ folder is automatically excluded from public repos or deployments.

Why it was flagged

The template includes privacy/publishing wording, but the provided scaffolder only creates local files and does not itself enforce repo privacy or publication exclusions.

Skill content

This folder only exists in `-private` repos. It never ships to public.

Recommendation

Verify your repo privacy, .gitignore, and deployment/publishing rules separately before putting private material in ai/.