Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Cann Review
v4.2.1 · CANN code review skill. Reviews pull requests of CANN projects hosted on GitCode. Triggered when the user mentions "review PR", "code review" or "cann review", or provides a GitCode PR link. Automatically analyzes the code changes, checks for memory leaks, security vulnerabilities and readability issues, generates a structured report and posts it as a comment.
⭐ 1 · 474 · 1 current · 1 all-time
by @hzrky
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The skill's purpose (automated review of GitCode PRs and posting comments on them) is consistent with the included scripts and docs. However, the published metadata declares no required environment variables or credentials, while SKILL.md and many of the scripts clearly require GITCODE_API_TOKEN (and optionally GITCODE_API_BASE). An installed skill that posts comments to repositories should explicitly declare the credential it needs, so this omission is an inconsistency between what is declared and what the code actually does.
Instruction Scope
Runtime instructions and scripts perform repository enumeration, fetch PRs and diffs via the GitCode API, generate reports, and post comments. They also read and write local state and config files (~/.openclaw/workspace/skills/cann-review/config/, .review-state.json, .pending-reviews.json) and include automation features (cron/OpenClaw gateway invocation). The skill references additional environment variables (CANN_REVIEW_REPOS, CANN_REVIEW_NOTIFY_CHANNEL/TARGET, GITCODE_API_BASE) and even single-user-specific mention scanning (looking for @newstarzj). The instructions therefore go beyond a simple on-demand reviewer: they support scheduled autonomous scanning and posting, and reference local config/state not declared in metadata.
Install Mechanism
There is no install spec in the registry (instruction-only), which lowers supply-chain risk from remote downloads. However the package contains many executable shell/python scripts and a post-install script; installing the skill will place these files in the workspace and the post-install script may prompt for setup. Review those scripts before running them. No external download URLs or obscure installers were found in the provided files.
Credentials
The skill requires a GitCode personal access token to operate (GITCODE_API_TOKEN), but the registry metadata did not declare any required env vars or a primary credential. Additional optional env vars and config files are used (CANN_REVIEW_REPOS, CANN_REVIEW_NOTIFY_CHANNEL/TARGET, GITCODE_API_BASE). Because the skill can post comments and modify repository state, the token should be clearly declared and the minimum-needed scopes should be enforced. The mismatch between declared requirements and actual runtime needs is a red flag.
Persistence & Privilege
always: false (the skill is not force-included). The skill includes cron/auto-review scripts that run periodically and write local state files (.review-state.json, .pending-reviews.json). It can be configured to add cron jobs (including via a local OpenClaw gateway API call) and will autonomously post comments to PRs when a token is provided. Autonomous commenting is consistent with the feature set, but it increases the blast radius if the token is overprivileged or the skill is misconfigured.
What to consider before installing
This skill appears to implement an API-based GitCode PR reviewer and includes many helper scripts to scan repositories, persist state, schedule periodic runs, and post comments. Before installing or enabling automatic runs:
1) Inspect the scripts (gitcode-api.sh, auto-review*.sh, post_comment.py) to confirm their behavior and remove any hardcoded tokens or unwanted targets.
2) Provide a GitCode token with the least privilege needed (prefer read-only for dry runs; if you must allow posting, grant only the narrowest write scope and consider a dedicated bot account).
3) Note the metadata omission: the registry did not declare GITCODE_API_TOKEN as required; assume the skill needs it.
4) Run initial tests in dry-run mode or against a test repository and review the outputs and any network calls.
5) If you enable scheduling/cron, run it under an isolated account or limit the repositories in config/repos.conf.
6) Rotate the token after testing and ensure config/gitcode.conf has 600 permissions.
If you need greater assurance, ask the publisher for an explicit manifest update that declares the required env vars and explains the automatic posting behavior. Confidence is medium because the code matches the stated purpose, but the metadata mismatch and autonomous posting features increase risk.
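Most of the checklist above can be scripted before the skill ever runs. The following is an added example, not part of the cann-review skill or of ClawHub: a POSIX shell pre-install audit that greps a skill directory for literal credential assignments, lists the hosts its scripts contact, counts lines that touch crontab, and checks that config/gitcode.conf is mode 600. The sample skill layout it builds (two scripts and a config file) is constructed for the demonstration and does not reproduce the skill's real scripts; the API host, notification URL and token value are placeholders.

```shell
#!/bin/sh
# Added example, not part of the cann-review skill: a pre-install audit for a
# downloaded skill directory. Everything it scans below is a constructed sample.
set -eu

# Build a throwaway skill layout standing in for the real package. The file
# contents, the API host and the token value are placeholders for this demo.
make_sample_skill() {
  d=$(mktemp -d)
  mkdir -p "$d/scripts" "$d/config"
  cat > "$d/scripts/gitcode-api.sh" <<'EOF'
#!/bin/sh
# constructed: reads the token from the environment (this is what we want to see)
API="${GITCODE_API_BASE:-https://api.gitcode.com}"
TOKEN="${GITCODE_API_TOKEN}"
curl -s -H "Authorization: Bearer $TOKEN" "$API/pulls"
EOF
  cat > "$d/scripts/auto-review.sh" <<'EOF'
#!/bin/sh
# constructed: a literal token and a self-installing schedule, both of which the audit must flag
GITCODE_API_TOKEN="gc_0123456789abcdef0123456789"
curl -s https://example-notify.invalid/hook
(crontab -l 2>/dev/null; echo "*/15 * * * * $0") | crontab -
EOF
  printf 'GITCODE_API_TOKEN=replace-me\n' > "$d/config/gitcode.conf"
  chmod 644 "$d/config/gitcode.conf"    # deliberately too open for the demo
  echo "$d"
}

# Count lines that assign a literal value to a TOKEN/SECRET/PASSWORD variable.
# Values read from the environment ("$VAR", "${VAR}") do not match because "$"
# is not in the allowed character class after the optional quote.
count_hardcoded_tokens() {
  grep -rEn "(TOKEN|SECRET|PASSWORD)[A-Z_]*=[\"']?[A-Za-z0-9_./+-]{12,}" "$1" \
    2>/dev/null | wc -l | tr -d ' '
}

# Distinct hosts the scripts contact, so unexpected endpoints stand out.
list_outbound_hosts() {
  grep -rhoE 'https?://[A-Za-z0-9.-]+' "$1" 2>/dev/null | sed 's#^https*://##' | sort -u
}

# Lines that read or rewrite cron entries: read these before enabling automation.
count_scheduler_calls() {
  grep -rE 'crontab' "$1" 2>/dev/null | wc -l | tr -d ' '
}

# True only when the file is readable and writable by its owner alone (mode 600).
secret_file_is_private() {
  [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ]
}

# Demo run against the constructed sample:
SAMPLE=$(make_sample_skill)
echo "literal credentials in scripts : $(count_hardcoded_tokens "$SAMPLE/scripts")"
echo "lines touching crontab         : $(count_scheduler_calls "$SAMPLE/scripts")"
echo "outbound hosts                 : $(list_outbound_hosts "$SAMPLE/scripts" | tr '\n' ' ')"
if secret_file_is_private "$SAMPLE/config/gitcode.conf"; then
  echo "config/gitcode.conf mode       : ok"
else
  echo "config/gitcode.conf mode       : too open, run chmod 600 on it"
fi
rm -rf "$SAMPLE"
```

Run the four checks against the real unpacked skill directory (point them at its scripts/ and config/ paths) before granting any token; a non-zero credential count or an unfamiliar host is reason to stop and read the file in question.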
Tags: auto-review, automation, cann, code-review, gitcode, latest
