Code Review Automation

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill appears to be coherent code-review tooling, but it asks for broad GitHub credentials that are not declared in the registry metadata and may send PR code diffs to Claude.

Review this skill before installing. If you use it, prefer a fine-grained read-only GitHub token limited to the target repository, keep `.env` out of source control, and avoid Claude-based review for code you cannot share with Anthropic. Pin dependencies if you need reproducible or audited execution.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A broad GitHub token could expose more repository access than needed if the token is mishandled or if future code paths use it beyond read-only review.

Why it was flagged

A classic GitHub PAT with `repo` scope is broad authority for repository access, while the visible feature set is mainly reading PR metadata/diffs and producing local review output. This credential requirement is also not declared in the registry metadata.

Skill content

Generate a new token (classic)
3. Select `repo` scope (required for full functionality)

Recommendation

Use a fine-grained, least-privilege GitHub token scoped to the specific repository and read-only PR/content permissions where possible; the skill metadata should declare `GITHUB_TOKEN` and `ANTHROPIC_API_KEY`.

What this means

Private source code, comments, or secrets present in a PR diff may be included in LLM analysis.

Why it was flagged

The PR diff is gathered and passed into the Claude-backed analysis flow, which is expected for the skill but may involve sending private code changes to an external LLM provider.

Skill content

diff_content = repo_ops.get_pr_diff_content(pr_number)

# Analyze with Claude
analyzer = PRAnalyzer()
analysis = analyzer.analyze_pr(pr, diff_content)

Recommendation

Only run LLM review on repositories whose code you are allowed to share with Anthropic; use non-LLM security/style checks or `--skip-llm` when external code sharing is not acceptable.

What this means

Future package updates could change behavior or introduce dependency vulnerabilities.

Why it was flagged

The runtime command resolves unpinned third-party Python packages. This is normal for a Python CLI skill, but unpinned dependencies can change over time.

Skill content

command: uv run --with PyGithub --with anthropic --with rich --with typer --with python-dotenv python -m code_review.cli

Recommendation

Pin package versions and include a lock file or install spec so users get a reproducible dependency set.