Residue Classifier
PassAudited by ClawScan on May 6, 2026.
Overview
This skill appears to be a local, non-destructive workspace file classifier, but users should notice that it creates a persistent file inventory report and includes a paid upgrade prompt.
This appears safe to run as a local, non-destructive classifier. Before installing or using it, be aware that it scans the entire current directory tree and writes a report containing file paths and your workspace path. Run it from the correct folder, review the report before sharing or committing it, and treat the Stripe upgrade message as optional marketing rather than required remediation.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The report may reveal private project structure, file names, and the absolute workspace path if the report is later shared or committed.
The script inventories all files under the current workspace and persists their relative paths in a local JSON report.
for path in sorted(WORKSPACE.rglob('*')): ... rows.append({'path': rel, ...}) ... REPORT.write_text(json.dumps(out, indent=2) + '\n')Run it only from the intended workspace, review `residue-classifier-report.json` before sharing, and delete or ignore the report if it contains sensitive file names.
Users may interpret the 'critical' wording as stronger security or governance evidence than the simple filename-based classifier can prove.
The tool can label a workspace state as critical based on unmatched-file counts and then show a paid Stripe upgrade link.
'critical residue anomaly detected; free classifier cannot safely resolve it' ... f'Residue Classifier Pro: {PRO_LINK}'Treat the paid upgrade prompt as marketing, review the generated reasons yourself, and do not purchase or act solely because the report says 'critical.'