Code Review Engine
Verdict: Pass. Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: afrexai-code-reviewer
Version: 1.0.0

The skill instructs the AI agent to execute shell commands using the `gh` and `git` CLIs, as detailed in the 'Integration Patterns' section of `SKILL.md`. While these commands are directly relevant to the stated purpose of code review, this capability introduces a significant prompt-injection/shell-injection vulnerability. If user-provided inputs (e.g., repository names, PR numbers, branch names) are not rigorously sanitized by the agent's underlying execution environment, a malicious user could inject arbitrary shell commands, leading to remote code execution. There is no evidence of intentional malicious behavior (such as data exfiltration or persistence mechanisms) within the skill's instructions themselves; the skill is classified as suspicious because of the inherent vulnerability rather than outright malice.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may read local code or diffs that could contain proprietary code or secrets.
The skill is expected to inspect local repository state or files to perform code review. This is purpose-aligned, and no destructive or write commands are shown.
"Review the staged changes in this repo"
Use it only on repositories, files, and diffs you intend the agent to review, and avoid including unrelated sensitive files.

If used with an authenticated GitHub account, the agent may access PRs or repository data available to that account.
Using the GitHub CLI may rely on the user's existing GitHub authentication and repository permissions. That is expected for PR review, but it can expose private repository content to the reviewing agent.
"**GitHub & local git integration** — works with `gh` CLI or raw diffs"
Confirm the active GitHub account and repository before use, and prefer least-privilege access for automated review workflows.

If scheduled, the skill could repeatedly review new PRs without a separate prompt for each PR.
The README describes possible scheduled, recurring operation. No persistence mechanism or automatic installation is shown, and SKILL.md indicates auto_trigger is false, so this appears to require user configuration.
"**Heartbeat/cron ready** — auto-review new PRs on a schedule"
Only enable scheduling with explicit repo scope, clear frequency, and review/notification controls.

It is harder to verify the publisher's source history or compare future updates.
The registry metadata does not provide a source repository or homepage for independent provenance review. The skill is instruction-only, which limits install-time supply-chain risk.
Source: unknown; Homepage: none
Install only if you trust the registry publisher, and re-check the skill instructions after updates.
