project-context-guide
v1.0.2
This skill should be used when users need to understand codebase structure, trace code decisions, analyze code dependencies and impact, identify code maintai...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The name/description promise codebase analysis, Git history tracing, ownership tracking and impact analysis, which aligns with the included Python scripts (analyze_structure.py, dependency_mapper.py, git_inspector.py, ownership_tracker.py). The README/SKILL.md also mention optional integrations (Slack/Confluence/JIRA) and an impact_analyzer.py listed in SKILL.md that is not present in the code bundle — this is a documentation/feature mismatch (not evidence of hidden behavior) and should be verified if you expect those integrations.
Instruction Scope
SKILL.md instructs the agent to scan the project, analyze Git history, build dependency/ownership graphs, and answer queries about code context. The scripts implement these tasks and perform local file reads and git subprocess invocations. There are no instructions in SKILL.md that direct the agent to read unrelated system files or automatically send code to external endpoints.
Install Mechanism
No install spec is provided and the skill is instruction + script only. Nothing in the bundle downloads remote archives or writes arbitrary binaries to disk. The highest-risk install patterns are absent.
Credentials
The skill declares no required environment variables or credentials (good). Documentation and README contain examples and a code snippet showing an external API call (requests.get with an Authorization header placeholder); that snippet is illustrative only and not used by the included scripts. If you later enable integrations (Slack/Confluence/JIRA), those will require tokens — review and provision such secrets only when you intentionally enable those features.
Persistence & Privilege
Skill flags indicate it is user-invocable and not always-included; it does not request persistent platform privileges. The scripts operate on the project repository and do not modify other skills or global agent settings.
Assessment
This skill appears to do what it claims: local static analysis and Git-history inspection using the included Python scripts. Before installing/using it:
1) Note the scripts run git and read repository files (including git blame which exposes commit authors/emails) — run it only on repos you trust.
2) The docs mention external integrations (Slack/Confluence/JIRA) and include an illustrative requests.get snippet; those integrations are not implemented in the shipped scripts, but if you or someone else adds them later they will require API tokens and could transmit data externally.
3) Review the git subprocess usage (git_inspector.py and ownership_tracker.py) and the code for correctness (there are minor bugs/quirks in date handling and limits noted in comments).
4) If you need strict privacy, run the scripts offline in an isolated environment and audit any future changes that add network calls or secret handling.
Like a lobster shell, security has layers — review code before you run it.
