Skill v1.0.0
ClawScan security
code-reviewer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 11, 2026, 3:51 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill mostly does what it claims (static Python scripts that analyze repos), but there are mismatches and missing declarations (notably lack of declared required binaries like git/Python and an unknown source) that warrant caution before installing.
- Guidance: This skill contains reasonably straightforward Python scripts that analyze a repository and produce reports — that matches its description — but exercise caution before installing:
  - Source verification: there is no homepage or upstream repo listed. Prefer skills with a known source or inspect the full script contents yourself.
  - Runtime dependencies: the metadata claims no required binaries, but the scripts call the git CLI and are Python programs. Ensure your environment has Python and git available; the skill should have declared those dependencies.
  - Data exposure: the tools read file contents and diffs (they will see any secrets in a repo). They do not appear to transmit data externally, but you should review the scripts for any network calls before running them on sensitive repositories.
  - Local testing: run the scripts locally on a non-sensitive repository first (python scripts/pr_analyzer.py . --json) to verify behavior and outputs.
  - Autonomy: the skill can be invoked autonomously by the agent (normal default). If you are concerned, only allow manual invocation, or inspect/disable autonomous invocation settings.

  If you want to proceed, review the three included Python files for any unexpected subprocess or network usage and confirm git/Python are available; if you cannot verify the source, treat it as untrusted code and run it in an isolated environment.
Review Dimensions
- Purpose & Capability (concern): The code-reviewer name/description aligns with the included Python scripts (PR analysis, quality checks, report generation). However, the skill metadata declares no required binaries or environment variables while the shipped scripts clearly expect a Python runtime and call the git CLI via subprocess. The absence of a declared dependency on git/Python and the lack of a homepage/source repository is an incoherence worth flagging.
- Instruction Scope (ok): SKILL.md instructs the agent to run the included scripts against a repository path (diffs, commit messages, file contents). The instructions stay within the stated purpose: reading repository files and diffs and generating reports. They do not instruct reading unrelated system files or exfiltrating data to external endpoints.
- Install Mechanism (ok): There is no install specification; the skill is instruction-and-script based and does not download external artifacts. This minimizes install-time risk. The shipped scripts will be executed locally when invoked.
- Credentials (concern): The skill declares no required environment variables or credentials, and the scripts do not appear to access secrets managers or remote APIs. However, they will read repository contents (including any secrets stored in the repo) and call the git CLI; the metadata should have declared the required binaries (git, Python). The missing declaration is an inconsistency that could lead to unexpected failures or hidden assumptions.
- Persistence & Privilege (ok): The metadata sets always:false and no install hooks are present. The skill does not request permanent system presence or modify other skills. It executes local scripts and subprocesses but does not autonomously persist credentials or reconfigure the agent.
