Codebase Argus
PassAudited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill Name: codebase-argus Version: 0.1.0 The codebase-argus skill is a playbook for an AI agent to perform GitHub PR reviews, CI log analysis, and repository synchronization. While it handles sensitive credentials (GitHub tokens and AI API keys) and performs Git operations, SKILL.md contains multiple explicit safety guardrails, such as instructions to never print tokens, never push/merge without explicit user consent, and avoid overwriting target branches. The requested permissions and environment variables are consistent with its stated purpose of codebase management.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the npm commands may execute package scripts or review code that ClawScan did not inspect here.
The registry entry is instruction-only, so these commands depend on code from an external checkout that was not included in the reviewed artifacts.
From a Codebase Argus checkout: npm install npm run argus -- review owner/repo#123
Install only from a trusted repository or pinned commit, inspect package scripts and lockfiles first, and prefer a sandboxed environment.
These credentials can expose private repositories, CI logs, provider accounts, or GitHub App authority if over-scoped or mishandled.
The skill documents optional GitHub, GitHub App, and AI-provider credentials used for private repositories, Actions logs, provider review, and webhook deployment.
GITHUB_TOKEN=<read-only-token> ... OPENAI_API_KEY=<key> ... ANTHROPIC_API_KEY=<key> ... GEMINI_API_KEY=<key> ... GITHUB_APP_PRIVATE_KEY=<pem-or-escaped-pem>
Use least-privilege tokens, restrict GitHub App installation to intended repositories, avoid broad write permissions, and follow the skill’s instruction not to print or write tokens to files.
If deployed with excessive permissions or exposed to untrusted command use, the automation could create unwanted PR comments or labels.
The webhook can post PR review comments, add inline comments, and mutate a pause label. This is disclosed and bounded, but it affects GitHub collaboration state.
posts COMMENT reviews only, and can add inline comments when ARGUS_WEBHOOK_INLINE_COMMENTS=true ... /argus pause applies `argus:paused`; automatic review skips PRs with that label.
Deploy with minimal GitHub App permissions, restrict comment commands to trusted users where possible, and keep automatic actions limited to comment-only review unless explicitly approved.
Private code, PR diffs, or CI logs could be shared with configured AI providers or local CLI agents.
The playbook supports sending code-review evidence to external API providers or multiple local/remote agent providers.
Both upstream and downstream workflows can send the same evidence package to one provider or a multi-agent tribunal.
Use provider review only when allowed by your repository’s data policy, avoid including secrets in logs, and use local CLI providers only in trusted workspaces as the skill advises.
After deployment, the automation may continue posting review comments on future PR events until paused, disabled, or uninstalled.
A deployed webhook server is intended to operate continuously on GitHub PR events. The behavior is disclosed, signature-verified, and pausable.
For automatic PR review, the deployed Next.js server exposes: POST /api/github/webhook
Deploy only when ongoing PR automation is desired, monitor its comments, use the pause/resume controls, and remove the webhook or app installation when no longer needed.