Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
PR Review Loop
v1.0.0Autonomous PR review loop with Greptile. Use when an agent creates a PR and needs to autonomously handle code review feedback — reading Greptile reviews, fixing issues, pushing fixes, re-triggering review, and auto-merging when score is 4/5+. Trigger on commands like "pr review {url}", "review my PR", or when a Greptile review webhook/poll delivers feedback.
⭐ 0· 757·3 current·3 all-time
byCem S@cemoso
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's stated purpose (autonomously reading Greptile reviews, applying fixes, pushing, re-triggering reviews, and merging) matches the SKILL.md and the included script. However, the package metadata declares no required binaries or credentials even though the workflow and scripts clearly rely on gh (GitHub CLI), git, jq, grep/flock and an authenticated GitHub identity capable of pushing/merging. This omission is an incoherence that affects safety decisions.
Instruction Scope
SKILL.md and the script instruct the agent to read files/lines referenced by reviewer comments, modify code, commit, push, and auto-merge under heuristics (including force_merge after max rounds). That behavior is within the stated purpose but grants broad autonomous write/merge authority and discretionary fixes. The doc also says to 'ping Master on Telegram' for escalations but provides no mechanism or declared credentials for doing so.
Install Mechanism
There is no install spec (instruction-only + small script), which is lower risk from arbitrary downloads. However, required runtime tools (gh, jq, git, flock) are expected but not declared or installed; the skill assumes they exist on PATH.
Credentials
The skill implicitly requires a GitHub-authenticated environment (GH CLI auth or GITHUB_TOKEN) with push/merge rights for target repos, but no required env vars or primary credential are declared. It also references Telegram for escalation without declaring how to authenticate. Requesting or expecting high-privilege repo credentials without declaring them is disproportionate and should be made explicit.
Persistence & Privilege
always:false (good). The skill stores review-state.json in the workspace (benign). Nevertheless, its runtime operations (commits, pushes, merges, branch deletion) require significant repository privileges; consider restricting tokens/scopes and human oversight for architectural/force-merge cases.
What to consider before installing
Before installing: 1) Confirm that the agent environment will have gh (GitHub CLI), git, jq, and flock available; the skill does not declare these dependencies. 2) Carefully plan GitHub credentials: the skill needs an authenticated identity with push/merge rights — only grant the minimum scopes and prefer a repo-scoped service account or installation token. 3) Decide and enforce merge policy: the script auto-merges on heuristics (score≥4, or force-merge after 5 rounds or same score repeats) — if you want human approval for merges or architectural changes, disable autonomous merges or require escalation. 4) Provide/inspect escalation channels: SKILL.md mentions Telegram but provides no auth mechanism; clarify how alerts are sent and what credentials are involved. 5) Test in a sandbox repository first to ensure behavior matches expectations. 6) If the skill owner is unknown/trust is low, consider requiring manual invocation only (do not allow autonomous invocation) or review the code thoroughly. Additional information that would raise confidence to 'benign': explicit declared runtime requirements (binaries and env vars), a known/trusted source, and clear, limited GitHub token scope and an audited escalation mechanism.Like a lobster shell, security has layers — review code before you run it.
latestvk978sbr590zz4abrkb8gefgk6s813753
License
MIT-0
Free to use, modify, and redistribute. No attribution required.