v1.1.0

Code Reviewer

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 8:19 AM.

Analysis

This instruction-only code-review skill is coherent and non-mutating, with a noteworthy optional mode that may share code with another model and log a review trail.

Guidance: This skill appears safe for normal code-review use and does not modify files. Before using --dual or enabling review-trail logging, make sure the code can be shared with the configured second model and that any stored review records are acceptable for your confidentiality needs.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low | Confidence: High | Status: Note
SKILL.md
Primary reviewer (main agent) → spawns second-model sub-agent with target file/diff

The optional --dual workflow shares the reviewed code artifact or diff with a second model/sub-agent. This is purpose-aligned for cross-model review, but users should notice the additional model/provider data flow.

User impact: If --dual is used, proprietary or sensitive code may be sent to another configured model environment according to the agent platform’s routing and retention settings.
Recommendation: Use --dual only when the code is appropriate to share with the configured second model, and prefer the default single-model review for highly sensitive code unless provider and retention settings are acceptable.

Memory and Context Poisoning
Severity: Info | Confidence: Medium | Status: Note
SKILL.md
Log the review trail when the surrounding workflow calls for evidence.

The skill may create a review trail containing findings, decisions, and possibly code context. This is conditional and purpose-aligned, but it may persist sensitive review information outside the immediate response.

User impact: Sensitive code details or security findings could be retained in logs if the surrounding workflow enables review-trail logging.
Recommendation: Confirm where review trails are stored, who can access them, and whether sensitive snippets should be redacted before enabling logging.