xfire Security PR Review

Audited by ClawScan on May 10, 2026.

Overview

The skill is coherent for security review, but its credential requirements are broader than its own usage text appears to need.

Before installing, verify the xfire package source and consider pinning a version. Provide only the AI provider key you intend to use, use a least-privilege GitHub token only when needed, avoid running it on code you cannot share with external AI providers, and manage cache/auth/debug files carefully.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user may expose more third-party API and GitHub credentials to the tool environment than necessary for the specific review they want to run.

Why it was flagged

The credential contract asks for all three AI provider keys plus a GitHub token and auth/config/cache paths, while the setup text says only one AI provider is needed. This is broader authority than the documented workflows appear to require.

Skill content
requires:
      env: [ANTHROPIC_API_KEY, OPENAI_API_KEY, GOOGLE_API_KEY, GITHUB_TOKEN, XFIRE_CONFIG_PATH, XFIRE_CACHE_DIR, XFIRE_AUTH_PATH]
...
- At least one AI agent CLI or API key configured:
Recommendation

Require only the selected provider credential and request a GitHub token only for GitHub PR workflows. Document minimum GitHub scopes and which auth/cache paths contain sensitive material.

What this means

Private source code, diffs, or secrets accidentally present in the repository may be transmitted to external AI services.

Why it was flagged

The core workflow sends user code to multiple external AI providers. This is clearly disclosed and purpose-aligned, but it is a sensitive data flow.

Skill content
xfire sends your code to 3 AI agents (Claude, Codex, Gemini) independently
Recommendation

Use only on code you are allowed to share with those providers, check provider data-retention policies, and avoid including secrets in diffs or repositories.

What this means

Code snippets or review context may remain on disk after the review and could be reused or exposed later if the cache is shared or poorly protected.

Why it was flagged

The tool can persist review context or intent in a cache directory. This fits the purpose, but the visible artifact does not describe retention, cleanup, or reuse boundaries.

Skill content
`--cache-dir` | str | None | `XFIRE_CACHE_DIR` | Cache directory for context/intent persistence
Recommendation

Set the cache directory to a protected location, clear it when no longer needed, and document exactly what is stored and for how long.

What this means

The behavior ultimately depends on the external package version installed from the package index.

Why it was flagged

The skill depends on installing an external package by name, without a pinned version in the visible instructions. This is normal for a CLI-based skill but means the runnable code is outside the reviewed artifact.

Skill content
Install: `pip install xfire`
Recommendation

Install from a trusted source, pin a known-good version, and review the package provenance before granting credentials.

What this means

If enabled, review results may be posted publicly or to a team-visible PR under the user's GitHub authority.

Why it was flagged

The tool can mutate a GitHub PR by posting a comment. It is documented and defaults to false, so this is purpose-aligned but still a user-visible account action.

Skill content
`--post-comment` | bool | False | — | Post review as GitHub PR comment
Recommendation

Use dry-run or output-to-file first, review the report, and enable PR comments only with a least-privilege GitHub token.