Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Code Review
v1.0.0Multi-agent code review for pull requests. Checks for bugs, CLAUDE.md compliance, git history context, and previous PR comments. Uses confidence scoring to f...
⭐ 0· 48·0 current·0 all-time
byEmerson Braun@emersonbraun
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md clearly expects to drive GitHub via the gh CLI (view PRs, diffs, blame, post comments). However the top-level metadata lists no required binaries or primary credential. Declaring no required binaries or credentials is inconsistent with the skill's stated need to run gh and to post PR comments.
Instruction Scope
Instructions stay within code-review scope (read diffs, blame, previous PRs, CLAUDE.md rules, then post a gh pr comment). One internal contradiction: step 2 says to "Get file paths (not contents) of relevant CLAUDE.md files," but later steps require auditing against CLAUDE.md rules and double-checking CLAUDE.md text. That implies reading file contents, so the behavior is underspecified.
Install Mechanism
Instruction-only skill with no install spec or downloads. This minimizes surface area; nothing will be written to disk by an installer from the skill bundle itself.
Credentials
The skill will need GitHub credentials or a configured gh session to read PR data and to post comments (write access). Yet requires.env and primary credential are empty. The skill does not document the required auth scope (read vs write) or recommend limiting tokens, which is a proportionality/visibility gap.
Persistence & Privilege
always:false and no install hooks; the skill does not request permanent presence or system-wide changes. It will run only when invoked and relies on platform tooling (gh).
What to consider before installing
This skill appears to implement a reasonable multi-agent PR review process, but a few things don't add up — decide before installing. Key points to consider:
- gh CLI required: The SKILL.md expects to run gh (gh pr view, gh pr diff, gh pr comment, gh issue list/search). The skill metadata did not declare gh as a required binary. Ensure your agent environment actually has gh and understand that gh uses local auth (GH_TOKEN/GITHUB_TOKEN or gh auth) — the skill will need access to those credentials to read PRs and to post comments.
- Credentials and scopes: To post PR comments the agent needs write permission on the repository. The skill did not document required auth type or minimal scopes. Prefer creating a token with the narrowest possible scope and test in a non-production repo first.
- CLAUDE.md contradiction: The instructions say to get file paths but not contents for CLAUDE.md, yet later require auditing against CLAUDE.md rules (which requires reading contents). Clarify whether the skill will read CLAUDE.md contents and whether CLAUDE.md may contain sensitive info.
- Data access: The skill will read commit history, blame, previous PRs and modified file contents. Ensure you are comfortable with an automated agent accessing your repo history and posting comments automatically.
- Testing recommendation: Run the skill on a small, non-sensitive repository or a test PR to observe behavior and required permissions. Ask the skill author to explicitly declare required binaries (gh), required environment variables or token scopes, and to fix the CLAUDE.md read-vs-path inconsistency. If you need a stricter guarantee, require the skill to document exact gh commands and minimum GitHub token scopes before granting write access.
Confidence note: medium — the overall purpose is coherent but the missing declarations around tooling and credentials and the CLAUDE.md contradiction create unresolved risks. Additional information (explicit required binaries, exact auth requirements, or an updated SKILL.md that removes the contradiction) would raise confidence to high.Like a lobster shell, security has layers — review code before you run it.
latestvk977wwe967y1vafsw0k0v1epe184bzz4
License
MIT-0
Free to use, modify, and redistribute. No attribution required.