Coding workflow with planning, implementation, verification, and testing for clean software development.
Security Analysis
High confidence: this is an instruction-only coding-workflow skill that asks only to read/write a small ~/code/ memory file on explicit user request and otherwise stays local — its requirements and instructions align with its stated purpose.
The name/description (coding workflow, planning, verification, testing) match the files and runtime instructions. There are no unrelated required binaries, env vars, or installs; the only persistent artifact is a user-memory stored at ~/code/memory.md, which is reasonable for a code preferences helper.
Instructions are narrowly scoped to provide guidance, consult bundled reference files, read ~/code/memory.md, and access the user's project when needed. 'User's project' is somewhat vague (no explicit path rules), so in practice the agent may be permitted to read project files broadly — this is expected for a coding helper but users should be aware that project files can contain secrets.
No install spec and no code files; the skill is instruction-only so nothing is downloaded or written by an installer. This is the lowest-risk install model.
The skill requests no environment variables, credentials, or external config paths beyond a user-local ~/code/ directory. This is proportionate to a workspace-preferences/coding-workflow skill.
'always' is false, and autonomous invocation is not disabled (normal). The only persistent change described is writing ~/code/memory.md when the user explicitly requests it; the skill states it won't modify its SKILL.md or other auxiliary files. No cross-skill or system-wide configuration changes are requested.
Guidance
This skill appears coherent and low-risk: it only stores explicit user preferences in ~/code/memory.md and otherwise provides local guidance. Before using it, (1) avoid asking it to save secrets or API keys into memory.md, (2) be aware that when you let it read your 'project' it may access any files in that project (which can include credentials or config), and (3) monitor the ~/code/ directory after first use to verify only the expected memory.md is created. If you need stricter guarantees, don't allow it to write files or restrict the project path it may read.
Latest Release
v1.0.4
Improved description for better discoverability
Published by @ivangdavila on ClawHub