Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

receiving-code-review

v2.56.0

Process code review feedback critically: check correctness before acting, push back on incorrect suggestions, no performative agreement. Use when responding...

0 · 124 · 0 current · 0 all-time
by Ilia Alshanetsky (@iliaal)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto: Can make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name and description match the instructions: it is a guide for handling review comments. However, the instructions assume access to repository data (git, grep and git-blame output), the GitHub API (for example `gh api repos/{owner}/{repo}/pulls/{pr}/comments`) and project files such as CLAUDE.md, none of which is declared in the skill's requirements. The omission is explainable (instruction-only skills often rely on the agent environment), but these dependencies should be stated explicitly.
Instruction Scope
SKILL.md tells the agent to read the repository, compare diffs, grep for callers, consult git blame and git log, and call the GitHub API; it also references agent tools (AskUserQuestion, pr-comment-resolver). These actions cross system and network boundaries and may read or transmit code and metadata. The instructions neither declare nor constrain which credentials, endpoints or binaries will be used, and they do not limit automatic changes (in headless mode, review items can be classified AUTO-FIX for dispatch).
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing is written to disk and no external packages are pulled. Low install risk.
Credentials
The skill declares no required environment variables, yet it instructs the agent to use the GitHub API and to perform repository operations that typically require a GITHUB_TOKEN plus the git and grep binaries. It also expects agent tools (AskUserQuestion, pr-comment-resolver). Requesting no environment variables while assuming privileged access to the repository and the API is a mismatch, and could lead to unexpected behavior if the agent already holds tokens.
Persistence & Privilege
`always: false` (good). The skill allows autonomous invocation (the default), and headless mode includes AUTO-FIX dispatch behavior; if the agent running the skill has push or PR permissions, this could result in automated changes. Autonomous invocation alone is expected, but combined with the undeclared access expectations above it increases risk if you grant broad repository credentials to the agent.
What to consider before installing
This skill appears to be a helpful, instruction-only code-review assistant, but its runtime instructions assume access to repository files, git operations (grep, git blame) and the GitHub API (e.g. `gh api …`), as well as agent tools such as AskUserQuestion and a pr-comment-resolver. Before installing or enabling it:
1) Verify which tools and credentials the agent will actually have: does it hold a GITHUB_TOKEN, does it have git and grep on PATH, is the GitHub CLI installed?
2) Limit the agent's tokens to least privilege (read-only where possible) if you only want triage and not automatic fixes.
3) Confirm whether headless-mode AUTO-FIX actions will be allowed to push code or create PRs; if that is not desired, restrict them or test in a sandbox repository first.
4) If you expect the skill to run without network access or without modifying PRs, ask the publisher to explicitly declare the required binaries, environment variables and the exact agent tools it needs.
If you cannot confirm these, treat the skill as untrusted for repositories containing sensitive code.
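A preflight check for steps 1 and 2 of that list, written here as an added example (it is not code from the ClawHub page or from the receiving-code-review skill). It assumes the agent picks its credential up from GH_TOKEN or GITHUB_TOKEN, the variables the gh CLI reads, classifies the token by GitHub's documented prefixes, and, for a classic personal access token, inspects the X-OAuth-Scopes header that the GitHub API returns on any response. The sample scope strings in the usage comments are constructed, and the set of scopes treated as "write" is an assumption for the demo, not a GitHub-published list.

```shell
#!/bin/sh
# preflight.sh: before enabling an instruction-only skill that calls the GitHub
# API and runs git, find out what the credential already sitting in the agent's
# environment would let it do. Added example, not code from the page or the
# skill. Token prefixes are GitHub's documented ones; the list of scopes treated
# as "write" is an assumption for this demo.

# Classify a GitHub token by its documented prefix; never print the token itself.
gh_token_kind() {
  case "$1" in
    github_pat_*) echo "fine-grained-pat" ;;   # scopes are not exposed in headers
    ghp_*)        echo "classic-pat" ;;
    gho_*)        echo "oauth-app" ;;
    ghu_*)        echo "app-user-to-server" ;;
    ghs_*)        echo "app-installation" ;;
    "")           echo "none" ;;
    *)            echo "unknown" ;;
  esac
}

# For a classic PAT the API returns an X-OAuth-Scopes header on every response,
# e.g. "repo, read:org". Print "write" if any listed scope lets the holder push
# or open PRs, otherwise "read". (Assumed scope list; extend for your policy.)
scope_class() {
  class=read
  oldifs=$IFS
  IFS=,
  for s in $(printf '%s' "$1" | tr -d ' '); do
    case "$s" in
      repo|public_repo|workflow|delete_repo|write:*|admin:*) class=write ;;
    esac
  done
  IFS=$oldifs
  echo "$class"
}

# Binaries SKILL.md relies on (git, grep, the gh CLI); print the missing ones.
missing_tools() {
  for t in git grep gh; do
    command -v "$t" >/dev/null 2>&1 || echo "$t"
  done
}

# preflight TOKEN [SCOPES]: print findings and return 1 when the token could
# let headless AUTO-FIX push code or open PRs, so a wrapper script can refuse
# to enable the skill. For a classic PAT, fetch SCOPES (constructed value shown
# in the usage line below) with:
#   gh api -i /user | grep -i '^x-oauth-scopes:' | cut -d: -f2-
preflight() {
  kind=$(gh_token_kind "$1")
  echo "token: $kind"
  rc=0
  case "$kind" in
    none)
      echo "verdict: no GitHub credential; the API steps in SKILL.md will fail" ;;
    classic-pat)
      cls=$(scope_class "$2")
      echo "scopes: ${2:-(not supplied)} => $cls"
      if [ "$cls" = write ]; then
        echo "verdict: token can push/open PRs; use a read-only token for triage"
        rc=1
      fi ;;
    *)
      echo "verdict: permissions not visible from headers; check the token's settings page" ;;
  esac
  for t in $(missing_tools); do echo "missing on PATH: $t"; done
  return $rc
}

# Usage from the agent's environment (gh reads GH_TOKEN before GITHUB_TOKEN):
#   preflight "${GH_TOKEN:-$GITHUB_TOKEN}" "repo, read:org"   # constructed scopes
```

The script deliberately reports only the token's kind, never its value, so it can be run inside the agent sandbox and its output pasted into a ticket. Fine-grained PATs and app installation tokens do not advertise their permissions in response headers, so for those the script can only tell you that the question has to be answered from the token's settings page or the app's installation configuration.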


latest: vk977v7wkhgvk0r4m5p7jy2a2x584teh9

