Taku Review
Pass
Audited by ClawScan on May 12, 2026.
Overview
This is a transparent code-review skill that may run local repo commands and make small local fixes, with no evidence of hidden credentials, persistence, exfiltration, or remote execution.
This skill appears safe for its intended purpose. Before installing, understand that it may run local repository commands and may make scoped code edits for clear important findings; keep your work under git and review any changes before merging.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may change files in the working tree while reviewing code.
The skill is allowed to run shell commands and edit/write files. This is appropriate for diff review and auto-fixing, but it gives the agent local mutation capability.
allowed-tools:
  - Bash
  - Read
  - Edit
  - Write
  - Grep
  - Glob
Run it in a version-controlled repo, inspect the resulting diff, and ask the agent not to auto-fix if you only want a report.
Local git and verification commands may run in the repository during the review.
The skill instructs the agent to run local repository commands and, after auto-fixes, the smallest relevant verification. This is expected for a code-review skill and is not hidden.
Run the repo-appropriate equivalent of:
```bash
git remote get-url origin 2>/dev/null
git branch --show-current
git status --short
git diff --stat
```
Use it in repositories where running local review/build/test commands is acceptable, and review command output before relying on the result.
