gstack-review-skill

v1.0.0

Garry Tan's gstack-inspired multi-perspective code review for OpenClaw. Triggered when user asks to review code, run /review, review a PR/branch/changes, or...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (multi-perspective code review) match the instructions: the SKILL.md focuses on git diffs, reading changed files, running tests, lint/build, and producing CEO/Engineering/QA reviews. There are no unrelated environment variables, installers, or external service keys requested.
Instruction Scope
Instructions explicitly tell the agent to run git commands, read whole files from the repo, run tests (npm/pytest/cargo), lint, and build. That is coherent for an automated review, but running tests/builds executes repository code and arbitrary scripts — a security/operational risk in untrusted or sensitive environments. The SKILL.md does not instruct the agent to access external endpoints or secret env vars, nor to persist credentials.
Install Mechanism
Instruction-only skill with no install spec and no code files. Nothing is downloaded or written to disk by the skill itself, which reduces installation risk.
Credentials
No environment variables, credentials, or config paths are requested. Required actions are limited to local repository files and standard dev tooling commands, which is proportionate to a code-review task.
Persistence & Privilege
always is false and there is no request to modify other skills or system-wide settings. The skill does not request permanent presence or extra privileges beyond running commands when invoked.
Assessment
This skill is internally consistent for a code-review tool: it reads repository files, diffs, and runs tests/builds to gather context and produce multi-perspective feedback. Before installing or invoking it, be aware that the runtime steps include executing project test/build commands which can run arbitrary code from the repository — avoid running it on highly sensitive machines or on untrusted repositories. If you want lower risk, require the agent to ask for explicit permission before running tests/builds, run reviews in a sandbox or CI environment, or use a read-only review mode (only read files and diffs, do not execute tests). No credentials or external downloads are requested by this skill.

Like a lobster shell, security has layers — review code before you run it.
