Wave Project Evaluator

Pass. Audited by ClawScan on May 14, 2026.

Overview

This instruction-only skill is a project review and improvement workflow; it can read and modify project files, commit/revert changes, and save reports, but those actions are disclosed and generally require user confirmation.

This skill appears safe for its stated purpose. Before installing or using it, remember that it is not just a scoring rubric: it may inspect project files, propose edits, apply approved changes, create git commits, revert low-scoring changes, and save a report. Use it on projects you are comfortable exposing to the agent, review diffs before approving changes, and keep backups or version control enabled.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the user approves an improvement, the agent may change files and commit or revert changes in the project repository.

Why it was flagged

The skill authorizes project file edits and git operations as part of its improvement workflow. This is purpose-aligned, but it affects the user's local project state.

Skill content

Execute the improvement (change code/docs/config)
2. git commit (`message: "project-eval: {项目名} 改进 {维度}"`)
3. Re-score

Recommendation

Review the proposed diff carefully before approving execution, and ensure the project is under version control or backed up.

What this means

The skill is designed to pause for user review before making changes.

Why it was flagged

The artifact includes a user-approval checkpoint before edits, which mitigates the risk from its file-modification authority.

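Skill content

**Checkpoint**: Present the improvement plan to the user for confirmation before executing. Show a preview of the changes (a diff or exactly what was changed), then wait for user confirmation.

Recommendation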

Do not skip the confirmation step; ask for a diff or exact change list before allowing modifications.

What this means

Project names, paths, scores, and improvement notes may be saved in a persistent report.

Why it was flagged

The skill persists project evaluation summaries to a memory/report path. This is disclosed and useful for the workflow, but it may retain project details for later use.

Skill content

Output a structured report (also written to `memory/project-evals/<project>-<date>.md`)

Recommendation

Avoid running it on confidential projects unless you are comfortable with the resulting report being stored, or ask the agent not to write the memory report.