LogicArt Code Review
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill appears to do what it says—send selected code to LogicArt for review—but users should know submitted code or repository content may leave their machine.
This skill is coherent for AI-assisted code review and does not show malicious behavior in the provided artifacts. Treat it like any third-party code analysis service: do not submit secrets, private source, or full repositories unless you are allowed to share them with the named provider.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Any code or file selected for analysis, including proprietary code or embedded secrets, may be sent to LogicArt.
The helper transmits the provided code or selected file contents to an external LogicArt API. This matches the advertised code-analysis purpose, but it means user code is shared with a third-party service.
const API = 'https://logic.art/api/agent/analyze'; ... body: JSON.stringify({ code, language: language || 'unknown' })
Only analyze code you are allowed to share with the provider, and remove secrets or sensitive snippets before submission.
Using the linked repository scanner could share a whole repository with another external service.
The documentation points users to a separate hosted service for full-repository scans. It is user-directed and not invoked by the included script, but full-repository analysis can expose much more private source code.
For scanning entire repositories, use Validate Repo: https://validate-repo.replit.app
Before using the full-repository service, verify what repository data will be uploaded, whether secrets are excluded, and whether the provider is acceptable for your code.
