Skill v1.0.7
ClawScan security
Code Dev · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Mar 28, 2026, 2:05 PM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's Git workflow instructions are sensible for a repo-centric development helper, but the metadata and SKILL.md disagree about required tools/permissions, and the runtime instructions spawn subagents that will read/write the repository and invoke other skills. These inconsistencies and the autonomous subagent behavior warrant caution.
- Guidance: This skill appears to implement a sensible Git workflow, but there are a few red flags you should consider before installing or enabling it:
  - Metadata mismatch: the registry claims no required binaries/env, but SKILL.md requires git, the GitHub CLI (gh) and optionally GITHUB_TOKEN, and expects read/write access to the repo. Ask the author to correct the metadata so requirements are explicit.
  - Subagent execution: the skill uses sessions_spawn to run a subagent that will read files, run commands, push branches, and create PRs. Only allow it on repositories you trust and when you understand exactly what the subagent will run.
  - Credentials: if you provide a GITHUB_TOKEN, the skill can push branches and create PRs on your behalf. Use a token with minimal scopes (repo:public_repo or narrow scopes) and avoid using high-privilege tokens.
  - Review invoked skills: the skill will call a separate code-review skill. Verify what that skill does before allowing chaining.
  - Safer practices: run the skill only when explicitly user-invoked (not autonomously) for the first runs; test it in a disposable fork/branch; inspect its behavior in a dry-run mode if possible.
  If you need to proceed, ask the author to update the manifest to list required tools and optional envs transparently and to document exactly what sessions_spawn tasks will be executed.
Review Dimensions
- Purpose & Capability (note): The declared purpose (standard Git dev workflow: branch → develop → PR → review) matches the instructions (git commands, PR creation, tests, reviews). However, the registry metadata lists no required binaries or env vars while SKILL.md explicitly requires git and gh and mentions an optional GITHUB_TOKEN and read/write access to the working directory; this mismatch is incoherent and should be corrected.
- Instruction Scope (note): The SKILL.md directs the agent to search and read repository files, run git/gh commands, create branches, push and create PRs, run a code-review sub-skill, and spawn subagents. Those actions are within the skill's stated purpose, but spawning subagents and invoking other skills grants substantial discretion over repository contents and review processes. The instructions also direct broad file reading (grep/find), which is expected for code understanding but is powerful and should be authorized by the user.
- Install Mechanism (ok): This is an instruction-only skill with no install steps or downloaded code, so there is no install-time execution risk.
- Credentials (note): SKILL.md reasonably references an optional GITHUB_TOKEN for GitHub operations; no other secrets are requested. But the registry claims 'Required env vars: none' while SKILL.md names tools and an optional token; this discrepancy reduces transparency. Requesting GITHUB_TOKEN would be proportionate if PR creation/push is intended.
- Persistence & Privilege (concern): The skill requires read/write access to the project directory and instructs the agent to spawn subagents to execute tasks (sessions_spawn). Although the manifest sets always:false and model invocation is allowed by default, the combination of autonomous subagent execution and repository write/push steps increases the blast radius if misused. The skill also invokes an external 'code-review' skill, expanding its runtime authority.
