Skill v0.1.3
ClawScan security
code-review-for-gitcode · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 13, 2026, 3:24 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code and runtime instructions are consistent with a GitCode PR code-review tool; there are a few implementation/consistency issues but no evidence of unrelated credential access or covert exfiltration.
- Guidance: This skill appears to be a legitimate GitCode PR review tool, but check a few things before running it with real credentials:
  - Provide a least-privilege GitCode token (repo or minimal scope) and prefer a machine/service account rather than a personal token. The scripts require a token passed on the command line.
  - Verify the API endpoints: some code uses https://gitcode.com/api/v5 while other files and the documentation reference https://api.gitcode.com/api/v5. Confirm which domain your GitCode instance uses and update the script accordingly to avoid accidental requests to an unintended host.
  - Confirm file paths/output locations: SKILL.md expects temp/ files in the repo, but review_pr.py creates an OS temp dir (tempfile.mkdtemp) and format_review.py defaults to formatted_review.json in cwd. Decide where temporary/output JSON should live and ensure the workflow (Step1→Step3→Step4→Step5) reads/writes consistent filenames/locations.
  - Review and test locally in an isolated environment (or sandbox) on a non-production repo to validate end-to-end behavior and to preview comments before posting to live PRs. post_review.py prints a preview but will post comments when run — be careful to avoid noisy/accidental posts.
  - Inspect network endpoints if you have an internal GitCode or self-hosted domain to ensure all calls go to expected hosts (raw.gitcode.com / api.gitcode.com). If you need to audit further, open the full review_pr.py (truncated in the manifest) to confirm there are no hidden network calls.

  If you want, I can: (1) list the exact places to change the base_url and file paths to make the workflow consistent; (2) produce a small checklist/commands to safely test the skill against a sample PR without posting comments.
Review Dimensions
- Purpose & Capability
  - ok: The name/description (GitCode PR code review) aligns with the included scripts: automated scanning (review_pr.py), helper for finding line numbers, formatting (format_review.py), and posting comments (post_review.py). No unrelated environment variables, binaries, or external services are requested beyond GitCode API/raw endpoints, which is proportional to the stated purpose.
- Instruction Scope
  - note: SKILL.md instructs downloading diffs/files, running the provided scripts, and posting comments to GitCode — all expected. However, SKILL.md mandates placing temporary files under a repo-local temp/ directory, while the main review_pr.py uses tempfile.mkdtemp() (system temp) and the format/post scripts default to writing/reading files in the current working directory. There are also small field-name/format assumptions across steps (e.g., issues use keys like 'line' vs 'position') that may cause runtime mismatch; these are implementation bugs rather than scope creep.
- Install Mechanism
  - ok: No install spec; this is instruction + bundled scripts only. No external archives or installers are fetched by the skill itself. That minimizes install-time risk. The code does perform network calls at runtime (GitCode API/raw endpoints).
- Credentials
  - ok: The skill does not declare required env vars and accepts a GitCode token as a CLI argument, which the scripts use to call GitCode APIs and download raw files. Requesting a GitCode access token is expected and proportionate. There are no requests for unrelated credentials or system secrets.
- Persistence & Privilege
  - ok: The skill does not request permanent inclusion (always:false). It writes temporary and output JSON files and posts comments to PRs when invoked — expected behavior. It does not modify other skills or system-wide configuration.
