Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

code-review

v2.56.0

Structured code reviews with severity-ranked findings and deep multi-agent mode. Use when performing a code review, auditing code quality, or critiquing PRs,...

by Ilia Alshanetsky @iliaal
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto · Can make purchases · Requires OAuth token · Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal
Benign
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md repeatedly uses git commands (git rev-parse, git diff, git ls-files) and a GitHub CLI-style call (gh api repos/{owner}/{repo}/pulls/{pr}/comments), and it expects running the project's test/lint suites. However, the skill metadata declares no required binaries, no required env vars, and no config paths. At minimum this should declare git (and likely gh or an HTTP ability) as required. The requested actions (running tests, calling GH API, dispatching agents) are plausible for a code-review skill, but the declared capabilities don't match what the instructions require.
Instruction Scope
Instructions direct the agent to run repository commands (git diff/stat, git ls-files), call the GitHub API, execute the project's test/lint suites (by inferring CI commands), and dispatch the full diff to multiple specialist agents and a red-team. These steps are in-scope for a review tool, but they also: 1) implicitly run arbitrary project code (test suites) which may execute scripts or access secrets, and 2) transmit the full diff to other agents (potentially external) which increases data-exposure risk. The SKILL.md does not clarify where parallel agents or the red-team run (locally vs remote service) or how sensitive data is handled.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. That limits disk-level risk (nothing gets downloaded or executed by an installer). However, because the instructions assume git/gh and running the project's test suite, the environment must provide those capabilities — which should be declared.
Credentials
The skill does not request environment variables or credentials explicitly. That is appropriate for a code-review skill. However, its recommended actions (running CI/test commands and calling the GH API) may require credentials (GH token, cloud service creds used by tests) or expose secrets present in the diff/configs. The SKILL.md does not warn about those implicit needs or require explicit consent/verification.
Persistence & Privilege
The skill does not request persistent presence (always:false) and has no install actions. Autonomous invocation is allowed (platform default). The main concern is that deep-review mode dispatches parallel agents and a red-team pass and instructs them to receive the full diff and findings — increasing the number of places the repository content is sent. The SKILL.md does not specify whether those agents run locally or use external APIs/models, nor does it describe retention/handling of the diff or derived findings.
What to consider before installing
This skill appears to implement a thorough code-review process, but there are a few things to confirm before you install or run it:
1) Required tools: the instructions use git and GitHub CLI-style commands (gh). Ask the author to declare required binaries (git, gh) and any needed network access.
2) Where agents run: the skill dispatches diffs to multiple "specialist" and a red-team agent — verify whether those agents run locally inside your environment or on an external service/storage; if external, your code and secrets could be transmitted off-host.
3) Running tests: the review asks to run the project's test/lint suite, which executes project code and may read secrets or call external services. Only run the skill in an isolated environment (CI worker, container, or sandbox) if you can't confirm what tests do.
4) GitHub access: fetching PR comments and other metadata implies GH API access and likely a token; confirm how tokens are provided and ensure least privilege.
5) Ask for explicit declarations: require the skill to list needed binaries, any environment variables or tokens it will use, and a description of where multi-agent work executes and how data is retained.
If these clarifications are not provided, treat the skill as higher-risk and avoid running it on repositories or data you consider sensitive.

Like a lobster shell, security has layers — review code before you run it.

latestvk97262vps0n2bqpv45e1xngep584ta87
