Skill v1.0.0

ClawScan security

Code Review Assistant · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 30, 2026, 2:50 AM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The instructions clearly expect repository and CI/issue-tracker access (gh/glab/git, test coverage, issue history), but the skill declares no required binaries, credentials, or config — the declared requirements are inconsistent with what the SKILL.md asks the agent to do.
Guidance
Before installing or using this skill, confirm how it will run and what credentials it needs. Specific recommendations:

- Ask the publisher to declare required binaries (git, gh, glab) and required environment variables (e.g., GITHUB_TOKEN, GITLAB_TOKEN), or to state explicitly that it will only operate on local repositories without network calls.
- If you grant it access to remote PRs/issues/CI artifacts, use least-privilege, read-only tokens scoped to the specific repo(s) and avoid organization-wide tokens.
- Because SKILL.md permits gathering file history and test coverage, assume the agent could read repository files (including .env or other secrets) — run reviews in a sandboxed environment if the repo contains secrets you must protect.
- Require an explicit statement from the author about whether any data will be transmitted off-host. If the skill will call external APIs beyond GitHub/GitLab, get details and URLs.
- Prefer human-in-the-loop operation: don't give the skill persistent or automatic access to private repos until you can audit a run and validate outputs.

If the publisher cannot clarify the above, treat the skill as untrusted and avoid providing credentials or access to sensitive repositories.

Review Dimensions

Purpose & Capability
concern
The skill's stated purpose (code review) matches the actions described in SKILL.md (diff analysis, security/performance passes). However, SKILL.md expects use of external CLIs and services (gh, glab, git, CI/test coverage, issue trackers) even though the registry metadata lists no required binaries, no required env vars, and no required config paths. That mismatch is incoherent: a real PR review integration usually needs at least git + gh/glab and possibly API tokens.
Instruction Scope
concern
Runtime instructions tell the agent to run commands that access repository diffs, file history, test coverage, related issues, and previous reviews. Those are within the normal scope of a code-review assistant, but the instructions are vague about how to obtain test coverage and 'related open issues' (which implies API access). The SKILL.md gives broad, open-ended guidance (gather file history, tests, related issues) that could lead the agent to access many repository files (including secrets) or call external APIs without constraints.
Install Mechanism
ok
Instruction-only skill with no install spec — minimal disk/write footprint from the skill itself. This lowers code-install risk. However, the agent will run user-system commands (git/gh/glab) when invoked, which is normal for this type of skill but still requires the host environment to have those tools and credentials configured.
Credentials
concern
No environment variables or credentials are declared, yet SKILL.md expects operations that commonly require credentials (reading private PRs or issues via 'gh'/'glab' requires configured auth tokens or GitHub/GitLab CLI config). The skill may also need access to CI artifacts or coverage reports (additional tokens or CI read access). Absence of any declared required env vars or config paths is a significant omission and reduces transparency about what secrets the skill will need.
Persistence & Privilege
ok
The skill is not always-enabled and doesn't request persistent installation hooks. Model invocation is allowed (default), which is normal. There is no indication it modifies other skills or global agent settings.