Review
Pass
Audited by ClawScan on May 10, 2026.
Overview
This instruction-only code review skill is broadly coherent with its stated purpose, but users should know it runs local project commands, edits spec checkboxes, and may use project/session search tools if available.
This skill appears safe for its intended use as a final code review and quality gate. Before installing, be aware that it may execute your project's own test/build/lint scripts, edit acceptance checkboxes in spec.md, and use available MCP search/context tools. Use a sandbox for untrusted repositories and review any file changes before committing.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using this on an untrusted repository could run code from that repository on the user's machine.
The skill directs the agent to run local project commands. This is expected for a final review skill, but those commands may execute project-controlled scripts.
Run the full test suite ... make test ... npm test -- --coverage ... uv run pytest ... swift test
Run the skill only on trusted projects or inside a sandbox/container when reviewing unfamiliar code.
The review may change acceptance-criteria checkboxes in the repository, which could affect later pipeline status or human interpretation of completion.
The skill is allowed to mutate project documentation during review. The action is scoped and disclosed, but it is more than a read-only quality report.
Update spec.md checkboxes. After verifying each criterion, use Edit tool to change `- [ ]` to `- [x]` in spec.md.
Review any spec.md edits before committing them, and ensure checkbox updates are backed by real implementation and test evidence.
Past-session or cross-project context could influence the review or expose information from other projects if the connected MCP tools provide it.
The skill can use retrieved session/project context from MCP tools. This is purpose-aligned for review assistance, but retrieved context can include stale, sensitive, or misleading information.
`session_search(query)` — find past review patterns and common issues; `project_code_search(query, project)` — find similar code patterns across projects
Use only trusted MCP backends and verify findings against the current project files before acting on them.
