ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Smart PR Review

v1.0.1

Opinionated AI code reviewer — not a yes-machine. 6-layer deep review (logic, edge cases, performance, security, maintainability, architecture) with Devil's...

0· 69·0 current·0 all-time
by@fullstackcrew-alpha
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill claims to be an opinionated code reviewer (PR/diff/commit/file modes) which matches the instructions and reference files. However the registry metadata lists no required environment variables or install steps while the README and index.ts clearly expect GITHUB_TOKEN, GITHUB_WEBHOOK_SECRET and optionally an ANTHROPIC_API_KEY (for AI calls) and Node dependencies. That mismatch (no declared creds vs code requiring them) is disproportionate and inconsistent.
Instruction Scope
SKILL.md instructs the agent to run git/gh commands, read the three references, chunk diffs, write temporary findings to /tmp, and use web fetch/agent tools. Those actions are coherent for a reviewer. It does not instruct reading unrelated system files, but it will access repository contents, run CLI commands, and write temp files — expected but worth noting because sensitive diffs may be sent to external AI endpoints.
Install Mechanism
There is no install spec (instruction-only), which is lower risk, but README and index.ts include a self-hosting path that requires npm dependencies (hono, tsx) and environment variables. The absence of an install spec in registry metadata vs explicit self-host instructions in README/index.ts is an inconsistency to be aware of.
!
Credentials
Registry metadata claims 'required env vars: none', yet index.ts and README expect GITHUB_TOKEN and GITHUB_WEBHOOK_SECRET (and README also suggests ANTHROPIC_API_KEY). Those credentials are necessary for webhook automation and posting reviews; the skill should declare them. Requiring a GitHub token and an AI API key is proportionate to a webhook/auto-reviewer, but the omission in metadata is an incoherence and increases risk of accidental credential exposure if users assume none are needed.
Persistence & Privilege
always:false (normal). The skill includes a webhook/self-hosting server (index.ts) that, if run, will persistently accept GitHub events and post reviews using a GitHub token. Autonomous invocation by the agent is allowed by default; combined with the credential issues above this increases blast radius if misconfigured, but there is no explicit request for system-wide modification or other skills' configs.
What to consider before installing
What to check before installing or running this skill: - Metadata vs code mismatch: The registry says 'no env vars required' but README/index.ts expect GITHUB_TOKEN and GITHUB_WEBHOOK_SECRET (and possibly ANTHROPIC_API_KEY). Treat those as required if you plan to run the provided webhook server. - If you only want ad-hoc local reviews via the agent/gh CLI path, you do not need to run the server, but the skill will run gh/git commands and read repository files and diffs — ensure you run it in the intended repo and understand it may send diffs to an external model endpoint. - Inspect index.ts (complete file) before running: search for any network endpoints beyond api.github.com and your configured AI provider (Anthropic/OpenAI). Confirm the code only sends review content to those expected endpoints. - Principle of least privilege: If you run the webhook, give GITHUB_TOKEN the minimum scope needed (repo:status/repo:pulls as applicable) and keep the webhook secret private. Run the service in an isolated environment. - Sensitive-data handling: The skill will transmit code and diffs to external AI services if configured (e.g., ANTHROPIC_API_KEY). Do not expose proprietary or secrets-containing diffs to external models unless you accept that risk. - If you plan to self-host: follow README's npm/install steps (they are not in registry metadata). Audit dependencies and run in a controlled environment. - If you expect a purely instruction-only skill, be cautious — the presence of index.ts and webhook instructions means there is optional server behavior that requires credentials. Ask the publisher or inspect the full code to confirm exactly where data is sent and what is persisted. If you want, I can: (1) scan the full index.ts for outgoing endpoints and model API usage, (2) highlight every place environment variables are read, or (3) list concrete minimal GitHub token scopes needed for safe operation.
index.ts:88
Environment variable access combined with network send.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk976my9smztk2kx2w6r8x3jzds83bg9y

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments