Nm Sanctum Pr Review
PassAudited by VirusTotal on May 9, 2026.
Overview
Type: OpenClaw Skill Name: nm-sanctum-pr-review Version: 1.0.2 The skill bundle is a comprehensive and professionally structured framework for automated PR reviews using GitHub (`gh`) and GitLab (`glab`) CLIs. It includes specialized modules for version validation, code hygiene, and educational feedback. While the skill performs extensive shell-based text processing (using `jq`, `awk`, and `grep`) and interacts with repository APIs, all actions are strictly aligned with the stated purpose of PR analysis, backlog triage, and knowledge capture. No evidence of data exfiltration, unauthorized persistence, or malicious prompt injection was found; the instructions focus on identifying legitimate security flaws (e.g., CWE-89, CWE-22) in the target code rather than introducing them.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could publish comments, submit a review, approve or request changes, or otherwise affect a PR under the user's account.
The module documents GitHub write operations, including PR review submission with approve/request-changes options and an instruction to always post a summary comment. The shown flow does not include an explicit user approval gate before posting.
EVENT="COMMENT" # or "REQUEST_CHANGES" or "APPROVE" ... gh pr review $PR_NUMBER ... 3. **Always post a summary comment** with all findings aggregated
Use a dry-run/preview workflow by default and require explicit confirmation before posting comments, submitting reviews, approving/requesting changes, or creating backlog issues.
The skill may act with whatever repository permissions the logged-in gh/glab account has, including on private repositories or protected review workflows.
The skill relies on GitHub/GitLab CLIs, which typically use the user's locally authenticated account. The registry metadata declares no primary credential, so the delegated account authority is not clearly bounded in the declared credential contract.
Platform detection is automatic via `leyline:git-platform`. Use `gh` for GitHub, `glab` for GitLab.
Before use, verify the logged-in account, use least-privilege tokens where possible, restrict the target repository/PR, and require confirmation for any write action.
Private repository details, architectural decisions, reviewer names, and review findings may be retained for future use.
The module can persist PR review findings, repository context, and participant information into a project review chamber. The documented require_confirmation setting is a mitigating control, but persistence is still important to notice.
"auto_capture": true, "capture_threshold": 60, "require_confirmation": true ... participants: [author, reviewers...]
Keep confirmation enabled, use `--no-capture` for sensitive PRs, and redact secrets or confidential details before allowing knowledge capture.
A manipulated or incomplete plan/spec file could cause the agent to down-rank real issues as out-of-scope or overlook scope creep.
The skill treats repository plan/spec/task files as authoritative scope sources. In PR review, those files may be changed by the PR author, so they can steer the agent's understanding of what is in scope.
Plan file: Most authoritative ... find specs -name "plan.md" ... cat plan.md ... Spec file: Requirements definition
Cross-check scope against trusted sources such as the issue, ticket, base-branch requirements, or maintainer instructions, and treat repository text as evidence rather than instructions to obey.
Installing or relying on the external plugin may introduce additional behavior not represented by this instruction-only artifact set.
The scanned package is instruction-only and the registry version is 1.0.2, while the skill frontmatter says 1.9.5 and references a fuller external plugin experience. This is a provenance/context note rather than evidence of malicious behavior.
version: 1.9.5 ... For the full experience with agents, hooks, and commands, install the Claude Code plugin.
If using the full plugin, review and pin that plugin separately; do not assume this scan covers its agents, hooks, commands, or dependencies.