pr-reviewer

Pass

Audited by VirusTotal on May 12, 2026.

Findings (1)

The OpenClaw skill `pr-reviewer` automates GitHub PR code review using the `gh` CLI and Python. It is classified as suspicious because of critical vulnerabilities rather than malicious intent. Specifically, the `scripts/pr-review.sh` script performs no path sanitization or restriction, so arbitrary file writes are possible if the `PR_REVIEW_STATE` or `PR_REVIEW_OUTDIR` environment variables are set to sensitive paths (e.g., `/etc/passwd`). In addition, the `run_local_lint` function is potentially vulnerable to shell injection: filenames obtained from GitHub PRs are expanded directly into `ruff` and `golangci-lint` commands, so a malicious actor could achieve arbitrary command execution by crafting a PR whose file names contain shell metacharacters. No evidence of intentional data exfiltration, persistence, or obfuscation was found.