Yaf Php Audit

v1.2.0

Audit legacy PHP projects, especially Yaf-based PHP 7.3 codebases, for architecture issues, security risks, performance problems, compatibility risks, and ma...

by Xavier Mary (@xaviermary56)
License: MIT-0 (free to use, modify, and redistribute; no attribution required)
Security Scan

Capability signals: Crypto; Can make purchases; Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description focus on auditing Yaf/PHP 7.3 codebases and the included files (checklist + bash scripts) implement exactly that: searching project files for dangerous patterns, structure checks, and producing local reports. Required binaries (bash, grep, find) are appropriate and proportional.
Instruction Scope
SKILL.md instructs the agent to inspect a target project and run the bundled scan scripts; the scripts only read files under the provided project/workspace root and produce local text/CSV/MD outputs. They do not attempt to read unrelated system config paths, invoke network calls, or transmit results to external endpoints.
Install Mechanism
No install spec — instruction-only plus two shell scripts. No downloads or package installs are performed by the skill. This minimizes disk-write/execution risks beyond the provided scripts.
Credentials
The skill declares no required environment variables, no credentials, and needs only standard CLI tools. There are no unrelated credentials or config paths requested.
Persistence & Privilege
The always flag is false, and the skill does not modify other skills or system-wide settings. It only writes reports to output paths supplied by the user (or defaults under the workspace) and does not persist privileged configuration.
Assessment
This skill is coherent and appears to do what it says: local grep-based scanning and report generation for PHP/Yaf projects. Before using it, consider:
1) only run it against directories you intend to scan (it will recursively read project files and may surface secrets found in code into its reports);
2) choose a secure output directory (reports may contain snippets or matches that reveal API keys/passwords);
3) treat findings as first-pass heuristics — false positives/negatives are expected and manual review is required;
4) inspect the two provided scripts (scan_project.sh, scan_workspace.sh) if you have strict security policies — they are plain shell and do not perform network I/O.
If you need the agent to audit sensitive repositories, ensure appropriate access controls and that report outputs are stored securely.


Runtime requirements

Bins: bash, grep, find