clawpatch-report-only

Pass

Audited by Gen Agent Trust Hub on Jun 9, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx --yes clawpatch@latest to download and run the ClawPatch utility from the npm registry. This is the intended primary purpose of the skill and uses the vendor's own package to perform repository analysis.
  • [COMMAND_EXECUTION]: Several shell commands are invoked to interact with the ClawPatch CLI, including doctor, init, map, review, and report. These commands are scoped to the project root and a local state directory (.clawpatch). The skill includes safety rules that prohibit destructive operations (like fixing code, committing, or pushing) without explicit user intervention.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 9, 2026, 01:13 PM
Security Audit — agent-trust-hub — clawpatch-report-only