Promptify Skill
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used on a private project, relevant file names and file contents may be read by the agent to improve the prompt.
The skill can inspect local project structure and read relevant files during codebase research. This is disclosed and aligned with optimizing project-specific prompts, but it gives the agent access to local code context.
Use Glob and LS to understand... Use Grep and Read to find...
Use +deep or codebase auto-detection only in projects you are comfortable sharing with the agent, and review the announced research scope.
Sensitive project names, internal APIs, or private details included in a prompt could become part of web-search queries if web research is used.
The skill may send prompt-derived topics to web search/fetch tools. This is disclosed and purpose-aligned for current best practices, but it can expose search terms derived from the user's prompt to external web tooling.
Use WebSearch for: "[technology] best practices 2025"... Use WebFetch - Retrieve specific documentation pages
Do not use +web, or remove sensitive identifiers first, when the prompt contains confidential information.
Running a generated clipboard command without checking it could fail or behave unexpectedly if the prompt text is not safely quoted.
The skill asks the agent to output a shell command for copying the optimized prompt to the clipboard. It is not instructed to execute the command automatically, but users should inspect any generated shell snippet before running it, especially if the prompt contains quotes or shell metacharacters.
2. `echo 'PROMPT' | pbcopy`
Prefer copying the prompt directly, or inspect and safely quote any generated pbcopy command before running it.