Wip Repo Init
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: wip-repo-init Version: 1.9.72 The skill is a repository scaffolding tool designed to create a standardized 'ai/' directory structure for project management. The core logic in 'init.mjs' uses standard Node.js file system modules to copy templates and safely move existing directories to a backup location without data loss. There are no network calls, no execution of external payloads, and no evidence of prompt injection or data exfiltration; all behaviors are strictly local and consistent with the stated purpose.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run on the wrong path, especially with --yes, it can reorganize an existing ai/ folder in that repository.
The CLI acts on a user-supplied or current directory, can skip confirmation with --yes, and renames an existing ai/ folder before scaffolding the new structure.
const targetRepo = resolve(process.argv[2] || process.cwd()); ... const forceYes = process.argv.includes('--yes') || process.argv.includes('-y'); ... renameSync(aiDir, tmpOld);Run with --dry-run first, verify the target path, and avoid --yes unless you are sure the repo is correct and backed up or under version control.
Internal notes, plans, logs, or discarded drafts placed there may remain in the repo and be read by future humans or agents.
The generated ai/ folder is intended to become persistent project context and encourages retaining rather than deleting files.
Plans, notes, ideas, dev updates, todos. Everything that isn't code lives here. ... **Never delete anything.** Move to `_trash/`
Do not store secrets or sensitive conversation logs there unless the repo and retention policy are appropriate; periodically review archived _trash content.
A user might incorrectly assume the ai/ folder is automatically excluded from public repos or deployments.
The template includes privacy/publishing wording, but the provided scaffolder only creates local files and does not itself enforce repo privacy or publication exclusions.
This folder only exists in `-private` repos. It never ships to public.
Verify your repo privacy, .gitignore, and deployment/publishing rules separately before putting private material in ai/.