编程语言迁移
PassAudited by ClawScan on May 15, 2026.
Overview
This appears to be a coherent code-migration workflow, but it will scan an entire project, write persistent migration state, run local helper/test commands, and make repeated target-code changes.
This skill is reasonable for its stated purpose, but run it like any powerful code-migration workflow: use a clean branch or sandbox, remove secrets or production credentials from the project tree, inspect helper scripts if possible, and review the generated YAML state and code diffs before relying on the migrated project.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You have less information about where the skill package came from.
The registry metadata does not identify a source repository or homepage, so users have less provenance context for the included artifacts. No hidden remote installer or dependency is shown.
Source: unknown Homepage: none
Review the visible artifacts and helper scripts before use, especially if applying the skill to important or private repositories.
Local scripts, builds, or tests may run and affect files in the working tree.
The skill intentionally uses local command/script execution when available. This is aligned with scanning and verifying a code migration, but it means the agent may run commands in the project workspace.
In full_mode: use bash scripts for scanning, run `scan_assets.py` directly.
Use a clean git branch, container, or disposable workspace; review commands and diffs before trusting the migrated output.
Project structure, analysis notes, and migration decisions may remain in workspace files and influence future agent behavior.
The workflow stores migration state on disk and expects future sessions or agents to read it. This is useful for resumability but can preserve project details or stale/poisoned state.
State persists across sessions — all state lives in YAML files in the workspace, readable by any AI agent or human
Keep migration_workspace under version control or review it regularly, avoid including secrets in the source tree, and reset the workspace if it may have been edited by untrusted parties.
An automated migration loop could make many related changes before a person reviews them.
The skill describes an autonomous review-and-fix loop that may repeatedly modify migration outputs. This is purpose-aligned, but a wrong assumption could propagate across many files.
The AI enumerates all expected outputs, audits each one, fixes any gap, and re-audits — until zero findings. Only then is the phase marked DONE. No human involvement.
Commit often, review diffs at each phase gate, and avoid running the workflow directly on irreplaceable or production code.