Nm Pensive Unified Review
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill mostly matches a code-review orchestrator, but it tells the agent to run an unprovided local Python helper and preserve review context, which users should review before allowing.
Before installing or using this skill, confirm whether you want the agent to run local commands during reviews. In particular, inspect or disable scripts/deferred_capture.py unless you know where it comes from, and run pytest only in a trusted or sandboxed repository.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
During a review, the agent could run a local script from the user's environment or repository that was not part of this reviewed skill package.
This is an imperative workflow step to execute a local Python script, but the supplied file manifest contains no such helper and there is no install spec. That makes the code to be executed unreviewed in this artifact set.
For each finding assigned to the backlog, run: ```bash python3 scripts/deferred_capture.py \
Do not allow automatic execution of scripts/deferred_capture.py unless you have inspected and trust that exact file. The skill should include the helper or require explicit user approval before running it.
If the reviewed repository is untrusted, running its tests can execute code on the user's machine.
Running tests is a normal code-review activity, but pytest executes project code and therefore has local execution impact.
**Verification:** Run `pytest -v` to verify tests pass.
Run tests only in a trusted checkout or sandbox, and ask the user before executing tests in unfamiliar repositories.
Multiple agents may receive code context, evidence, and findings during the review.
The skill intentionally shares review work across multiple subagents. This is coherent for orchestration, but it expands where repository context and findings may be processed.
Dispatch selected skills concurrently via the Agent tool.
Use this only in environments where the configured review agents are trusted to see the repository contents.
Review findings and possibly code context may be saved beyond the current session.
The skill directs persistence of review findings between cycles. That is useful for backlog tracking, but the artifacts do not define storage location, retention, or access controls.
Findings that are triaged to the backlog ... should be preserved so they are not lost between review cycles.
Clarify where deferred findings are stored and avoid persisting confidential code snippets unless the storage is trusted.