Residue Classifier
AdvisoryAudited by Static analysis on May 6, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The report may reveal private project structure, file names, and the absolute workspace path if the report is later shared or committed.
The script inventories all files under the current workspace and persists their relative paths in a local JSON report.
for path in sorted(WORKSPACE.rglob('*')): ... rows.append({'path': rel, ...}) ... REPORT.write_text(json.dumps(out, indent=2) + '\n')Run it only from the intended workspace, review `residue-classifier-report.json` before sharing, and delete or ignore the report if it contains sensitive file names.
Users may interpret the 'critical' wording as stronger security or governance evidence than the simple filename-based classifier can prove.
The tool can label a workspace state as critical based on unmatched-file counts and then show a paid Stripe upgrade link.
'critical residue anomaly detected; free classifier cannot safely resolve it' ... f'Residue Classifier Pro: {PRO_LINK}'Treat the paid upgrade prompt as marketing, review the generated reasons yourself, and do not purchase or act solely because the report says 'critical.'