Workspace Org
AdvisoryAudited by Static analysis on May 7, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run against the wrong directory, files could be moved into the skill's files/ layout and existing paths may change.
The apply helper can move files within the chosen workspace when explicitly run with --execute. This matches the skill's purpose and is dry-run by default, but it is still local file mutation authority.
parser.add_argument("--execute", "-x", action="store_true") ... a["source"].rename(a["target"])Run the dry run first, confirm the workspace path, and only use --execute after reviewing the planned moves.
Files placed in inbox/outbox may be read or acted on by other agents using the same workspace convention.
The skill defines local folders for agents to exchange deliverables. This is purpose-aligned, but users should treat these folders as shared handoff locations.
**Cross-agent handoff**: sender writes to `files/outbox/`, receiver picks from `files/inbox/`.
Avoid placing secrets or untrusted executable content in shared handoff folders unless that sharing is intended and reviewed.