Clean Code

Pass. Audited by ClawScan on May 1, 2026.

Overview

This is a benign clean-code guidance skill with no code or credential access, though users should review broad refactors and trust the install source.

This skill appears safe as a code-style and refactoring guide. Before installing, make sure you trust the source of any npx command you run. When using it for refactoring, keep your project under version control and review the agent's proposed changes, especially if it updates dependent files.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Note. High Confidence
ASI08: Cascading Failures
What this means

A cleanup or refactor request could result in changes across multiple project files, not just the file the user first mentioned.

Why it was flagged

The skill instructs a coding agent to update dependent files, so a refactor may touch more than the file the user originally named. This is consistent with safe refactoring practice (a rename that leaves callers unchanged is worse), but it widens the blast radius if the agent makes an incorrect change, because the error is propagated to every dependent file in the same task.

Skill content
- Edit the file AND all dependent files in the same task
- Never leave broken imports or missing updates
Recommendation

Use version control and ask the agent to show a plan and diff before applying broad refactors.
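One concrete way to act on that recommendation is to compare the files the agent actually changed against the files the user expected the refactor to touch, and to review the unexpected ones first. The script below is an added example, not part of the skill or of ClawScan; it takes both lists as plain files so it runs without a repository, and the sample file names (src/utils/date.ts and its dependents) are constructed for the demonstration.

```shell
#!/bin/sh
# Blast-radius check for an agent-proposed refactor (added example, not part of
# the skill or of ClawScan). Given the files the user expected the refactor to
# touch and the files the agent actually changed, list every changed file that
# falls outside the expectation so it can be reviewed first.
#
# In a real repository the changed-file list comes from git, for example:
#   git diff --name-only            # unstaged edits
#   git diff --name-only --cached   # staged edits
# Here both lists are passed as files so the check works offline.

# unexpected_changes EXPECTED_LIST CHANGED_LIST
# Prints changed paths that are absent from EXPECTED_LIST.
# Returns 1 if there is at least one such path, 0 if the refactor stayed in scope.
unexpected_changes() {
    expected=$1
    changed=$2
    # -F fixed strings, -x whole-line match, -v invert:
    # keep only the changed paths that do not appear in the expected list.
    extra=$(grep -vxF -f "$expected" "$changed" || true)
    if [ -n "$extra" ]; then
        printf '%s\n' "$extra"
        return 1
    fi
    return 0
}

# Constructed sample: the user asked for src/utils/date.ts to be cleaned up and
# the agent, following the "update dependent files" rule, also edited a
# component and a test. Both extra files are flagged for review.
demo() {
    tmp=$(mktemp -d)
    printf 'src/utils/date.ts\n' > "$tmp/expected.txt"
    printf 'src/utils/date.ts\nsrc/components/Calendar.tsx\ntests/date.test.ts\n' \
        > "$tmp/changed.txt"
    if unexpected_changes "$tmp/expected.txt" "$tmp/changed.txt" > "$tmp/extra.txt"; then
        echo "refactor stayed within the requested files"
    else
        echo "refactor touched files outside the request; review these first:"
        cat "$tmp/extra.txt"
    fi
    rm -rf "$tmp"
}

demo
```

The check is deliberately strict: a dependent file that legitimately needed an import fixed still shows up, which is the point. The user confirms each one rather than discovering it after the commit.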

What this means

If a user manually runs these install commands, they are trusting the external package or repository as it exists at the moment the command runs. Because the references are not pinned, what gets fetched can differ from what was reviewed at scan time.

Why it was flagged

The installation documentation includes user-run commands that fetch/install from external sources, including an unpinned GitHub branch path and a latest-tag package invocation. The artifacts do not show automatic execution, but users should trust the source before running these commands.

Skill content
npx add https://github.com/wpank/ai/tree/main/skills/testing/clean-code
...
npx clawhub@latest install clean-code-review
Recommendation

Install through the trusted registry path when possible, and verify the source or pin a known version before running npx-based installation commands: an exact package version rather than a latest tag, and a commit SHA rather than a branch name for GitHub paths.
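A quick way to apply that recommendation before pasting an install command is to classify it as pinned or unpinned. The function below is an added example, not part of the skill or of ClawScan. It treats a floating dist-tag (@latest, @next) or a missing version as unpinned, accepts only an exact semver version for npm packages, and for GitHub tree or blob URLs accepts only a full 40-character commit SHA, since a branch or tag can be moved. The two commands from the finding are used as inputs; the pinned variants (clawhub@1.4.2 and the commit SHA) are hypothetical values chosen for the demonstration.

```shell
#!/bin/sh
# Pin check for npx-based install commands (added example, not part of the
# skill or of ClawScan). Prints "pinned" or "unpinned: <reason>" for a command.
#
# Rules:
#   github.com/<owner>/<repo>/tree|blob/<ref>/...  pinned only if <ref> is a
#                                                 40-hex commit SHA
#   <pkg>@latest, <pkg>@next                      unpinned (floating dist-tag)
#   <pkg>@X.Y.Z                                   pinned (exact version)
#   <pkg> with no version                         unpinned

# install_pin_status "COMMAND"
install_pin_status() {
    cmd=$1

    # GitHub paths: branches and tags are mutable, so only a commit SHA counts.
    if printf '%s' "$cmd" | grep -Eq 'github\.com/[^/ ]+/[^/ ]+/(tree|blob)/'; then
        if printf '%s' "$cmd" \
            | grep -Eq 'github\.com/[^/ ]+/[^/ ]+/(tree|blob)/[0-9a-f]{40}(/|$)'; then
            echo pinned
        else
            echo "unpinned: GitHub ref is a branch or tag, not a commit SHA"
        fi
        return 0
    fi

    # npm packages: reject floating dist-tags, require an exact semver version.
    case "$cmd" in
        *@latest*|*@next*)
            echo "unpinned: package uses a floating dist-tag"
            return 0 ;;
    esac
    if printf '%s' "$cmd" | grep -Eq '@[0-9]+\.[0-9]+\.[0-9]+( |$)'; then
        echo pinned
    else
        echo "unpinned: package has no version specifier"
    fi
}

# The two commands quoted in the finding, followed by hypothetical pinned forms.
demo() {
    for c in \
        'npx add https://github.com/wpank/ai/tree/main/skills/testing/clean-code' \
        'npx clawhub@latest install clean-code-review' \
        'npx clawhub@1.4.2 install clean-code-review' \
        'npx add https://github.com/wpank/ai/tree/0123456789abcdef0123456789abcdef01234567/skills/testing/clean-code'
    do
        printf '%-70.70s  %s\n' "$c" "$(install_pin_status "$c")"
    done
}

demo
```

Pinning narrows what you run to a specific artifact; it does not by itself establish that the artifact is trustworthy. The remaining step is the one the recommendation already names: confirm the source (the registry listing or the repository at that commit) before running the command.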