Yaf Php Audit
by Xavier Mary · GitHub · v1.2.0 · MIT-0
202 Downloads · 0 Stars · 1 Active Installs · 2 Versions
Install in OpenClaw
/install yaf-php-audit
Description
Audit legacy PHP projects, especially Yaf-based PHP 7.3 codebases, for architecture issues, security risks, performance problems, compatibility risks, and ma...
Usage Guidance
This skill is coherent and appears to do what it says: local grep-based scanning and report generation for PHP/Yaf projects. Before using it, consider: 1) only run it against directories you intend to scan (it will recursively read project files and may surface secrets found in code into its reports); 2) choose a secure output directory (reports may contain snippets or matches that reveal API keys/passwords); 3) treat findings as first-pass heuristics — false positives/negatives are expected and manual review is required; 4) inspect the two provided scripts (scan_project.sh, scan_workspace.sh) if you have strict security policies — they are plain shell and do not perform network I/O. If you need the agent to audit sensitive repositories, ensure appropriate access controls and that report outputs are stored securely.
Capability Analysis
Type: OpenClaw Skill
Name: yaf-php-audit
Version: 1.2.0
The yaf-php-audit bundle is a legitimate static analysis tool designed to assist an AI agent in auditing legacy PHP projects. The included bash scripts (scan_project.sh and scan_workspace.sh) use standard utilities like grep and find to identify potential security vulnerabilities, performance bottlenecks, and hardcoded credentials within a target directory. There is no evidence of data exfiltration, intentional backdoors, or malicious prompt injection; the logic is transparent and strictly aligned with the stated purpose of generating structured audit reports.
Capability Assessment
Purpose & Capability
Name/description focus on auditing Yaf/PHP 7.3 codebases and the included files (checklist + bash scripts) implement exactly that: searching project files for dangerous patterns, structure checks, and producing local reports. Required binaries (bash, grep, find) are appropriate and proportional.
Instruction Scope
SKILL.md instructs the agent to inspect a target project and run the bundled scan scripts; the scripts only read files under the provided project/workspace root and produce local text/CSV/MD outputs. They do not attempt to read unrelated system config paths, invoke network calls, or transmit results to external endpoints.
Install Mechanism
No install spec — instruction-only plus two shell scripts. No downloads or package installs are performed by the skill. This minimizes disk-write/execution risks beyond the provided scripts.
Credentials
The skill declares no required environment variables, no credentials, and needs only standard CLI tools. There are no unrelated credentials or config paths requested.
Persistence & Privilege
always is false and the skill does not modify other skills or system-wide settings. It only writes reports to output paths supplied by the user (or defaults under the workspace) and does not persist privileged configuration.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install yaf-php-audit
- After installation, invoke the skill by name or use /yaf-php-audit
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.2.0
- Added explicit version, emoji, user-invocable flag, homepage link, and shell binary requirements to SKILL.md for better integration and discoverability.
- Enhanced compatibility notes, project applicability, and metadata in documentation.
- Updated and clarified README.md and checklist references to improve usability.
- Improved script documentation and options in scan scripts.
- General improvements for bulk audit workflows and output consistency.
v1.1.0
Initial public release: single-project audit reports, batch workspace scan, summary outputs, high-risk list, checklist, and README.
Frequently Asked Questions
What is Yaf Php Audit?
Audit legacy PHP projects, especially Yaf-based PHP 7.3 codebases, for architecture issues, security risks, performance problems, compatibility risks, and ma... It is an AI Agent Skill for Claude Code / OpenClaw, with 202 downloads so far.
How do I install Yaf Php Audit?
Run "/install yaf-php-audit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Yaf Php Audit free?
Yes, Yaf Php Audit is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Yaf Php Audit support?
Yaf Php Audit is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Yaf Php Audit?
It is built and maintained by Xavier Mary (@xaviermary56); the current version is v1.2.0.