Superpowers Requesting Code Review
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This instruction-only skill is coherently focused on asking a subagent to review code diffs, with no install code, credentials, persistence, or destructive actions shown.
This appears safe to install as an instruction-only code-review workflow skill. Before using it, remember that the subagent may read the selected git diff and review context, so keep secrets and unrelated private conversation history out of the review prompt.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may inspect code changes in the selected git range while performing the review.
The review template instructs the reviewer to use git diff commands to inspect changes. These are read-only and central to code review, but users should understand the agent may access repository diffs.
git diff --stat {BASE_SHA}..{HEAD_SHA}
git diff {BASE_SHA}..{HEAD_SHA}
Use this skill on repositories and branches where it is acceptable for the agent/subagent to read the relevant code diff.
A subagent may receive code-review context, implementation details, requirements, and git commit ranges.
The skill intentionally passes task and code-review context to a subagent. The artifact clearly narrows the shared context and says not to share the full session history, making this purpose-aligned and bounded.
Dispatch a code-reviewer subagent to catch issues before they cascade. The reviewer gets precisely crafted context for evaluation — never your session's history.
Avoid including unrelated secrets or sensitive conversation history in the review context; keep the provided context limited to the code and requirements needed for review.
