Br Risk Analyzer
Pass. Audited by ClawScan on May 10, 2026.
Overview
This instruction-only code review skill is purpose-aligned, but it will inspect scoped project code and persist project understanding for future analyses.
This skill appears benign for scoped code-risk review. Before installing or invoking it, be aware that it may read code and requirements you point it at and may save project understanding for later analyses; provide narrow paths and clear review boundaries for sensitive repositories.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may read project source files and related requirements while performing the review.
The skill directs the agent to search and inspect repository code. This is necessary for a code-risk review, but it means the user should keep the requested repository/module scope explicit.
Use semantic search/grep/glob to locate: entry points ... core Services ... persistence layers ... message handling
Invoke it only on repositories and paths you intend to review, and provide clear scope limits in the prompt.
Details about requirements, code structure, or identified risks may persist in the skill's project-understanding file and influence future reviews.
The skill intentionally stores project knowledge and prior analysis for later reuse. This is disclosed and purpose-aligned, but it can retain sensitive project context across sessions.
Store analysis results and project understanding in `resources/project-understanding.md`; Update accumulated knowledge for future risk assessments
Avoid using it on confidential projects unless persistent local notes are acceptable; review or clear `resources/project-understanding.md` when needed.
