SIFS Search: Fast hybrid code search for agents
AdvisoryAudited by Static analysis on May 5, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The installed SIFS program will be trusted to inspect local source code.
The skill relies on installing and trusting an external SIFS binary from package managers; that is central to the purpose, but the binary's implementation is not included in the artifacts.
"install":[{"id":"brew","kind":"brew","label":"Install SIFS with Homebrew","tap":"tristanmanchester/tap","formula":"sifs"...},{"id":"cargo","kind":"cargo","label":"Install SIFS with Cargo","package":"sifs"...}]Install SIFS only from package sources you trust, and verify the upstream package separately before using it on sensitive repositories.
A saved profile could cause later searches to reuse the wrong project context or retain references to a sensitive repository.
The skill documents saving and later reusing a project search profile, so source selection or source-derived search context can persist across tasks.
sifs profile save current --source <project> --mode bm25 --offline --json sifs search "startup handshake" --profile current --json
Use explicit `--source` values, save profiles only when intended, and remove or avoid profiles for repositories whose context should not be reused.
Running this command could overwrite or change persistent project instructions used by future agents.
This optional troubleshooting command can force-install a managed agent instruction artifact into AGENTS.md, creating persistent changes to future agent behavior.
sifs agent install --target codex --artifact snippet --file AGENTS.md --force
Only run the AGENTS.md install step when the user explicitly wants it, prefer reviewing a dry run or diff first, and avoid `--force` unless necessary.