Superpowers Requesting Code Review
Pass
Audited by ClawScan on May 1, 2026.
Overview
This instruction-only skill is coherent for code review, but it does ask the agent to share project diffs and context with a one-time review subagent.
This skill appears safe for its stated purpose. Before using it, make sure the diff or prompt does not contain secrets or unrelated private code, and treat the spawned review subagent as another place where repository context may be visible.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A review subagent may inspect the repository context needed for review.
The skill instructs the agent to spawn another agent session with a project working directory. This is aligned with the code-review purpose, but users should notice that another agent may be given project context.
Use `sessions_spawn(mode="run")` to dispatch a one-time review session ... cwd: "/path/to/project"
Use this skill on the intended repository, provide focused review context, and keep the review task read-only unless you explicitly want changes made.
Private code, requirements, or secrets accidentally present in diffs could be shared with the review subagent or written to a temporary review file.
The artifact describes passing diffs, summaries, and requirements to a separate review session and receiving output through session history or files. This is expected for review, but it creates an inter-agent data boundary users should understand.
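Before dispatching, prepare the review context (git diff, change summary, spec references) ... review results are returned via session history or the file system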
Review the diff and prompt before dispatching, avoid including secrets, and limit the context to files relevant to the review.
