clawpatch-report-only
Pass
Audited by Gen Agent Trust Hub on Jun 9, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses
npx --yes clawpatch@latestto download and run the ClawPatch utility from the npm registry. This is the intended primary purpose of the skill and uses the vendor's own package to perform repository analysis. - [COMMAND_EXECUTION]: Several shell commands are invoked to interact with the ClawPatch CLI, including
doctor,init,map,review, andreport. These commands are scoped to the project root and a local state directory (.clawpatch). The skill includes safety rules that prohibit destructive operations (like fixing code, committing, or pushing) without explicit user intervention.
Audit Metadata