Autonomous Code Review
v1.0.0
Automatically review code to detect critical bugs, security flaws, performance issues, and style violations as a first-pass code auditor.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
Name, description, and checklist align with a first-pass automated code reviewer. The SKILL.md references running an 'openclaw' CLI and a GitHub Action that expects an OPENCLAW_API_KEY, but the skill manifest declares no required binaries or environment variables — a minor inconsistency (documentation/assumption about the platform) rather than evidence of hidden behavior.
Instruction Scope
Instructions focus on reviewing files, diffs, and repositories and give examples for CLI usage, pre-commit hooks, and CI. These actions are within the expected scope of an automated code-review tool. Note: the guidance implies scanning entire repositories (which may include sensitive files or credentials in source), which is expected but something the user should consciously permit.
Install Mechanism
No install spec and no code files — lowest-risk delivery model. The document assumes an existing 'openclaw' runtime/CLI but doesn't install anything itself.
Credentials
The manifest requests no environment variables, but example integrations show a GitHub Action using secrets.OPENCLAW_API_KEY. If you plan to use the GitHub Action or any hosted OpenClaw service, you will likely need to provide that API key — the skill should have declared that but did not. There are no unexplained extra credentials requested by the skill itself.
Persistence & Privilege
The manifest's 'always' flag is false, and the skill does not request persistent system privileges or modify other skills. It is user-invocable and would run only when invoked, which is appropriate.
Assessment
This skill is an instruction-only template for running an automated code review and appears coherent with that purpose. Before installing/using: (1) Confirm you have the 'openclaw' runtime/CLI the instructions assume; (2) expect to supply an OPENCLAW_API_KEY if you enable the GitHub Action or a hosted service — the skill didn't declare this; (3) run the tool on non-sensitive or test repositories first, since full-repo scans can read secrets or configuration files; (4) combine the automated reports with human review for critical code paths. If you need a higher-assurance assessment, ask the publisher for implementation details or a signed release so you can verify what code (if any) will run.
Like a lobster shell, security has layers — review code before you run it.
