Skill v1.0.0

ClawScan security

Review Vague Fixes · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Apr 26, 2026, 6:25 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This is an instruction-only code-review guidance skill that is internally consistent with its stated purpose and requests no credentials, installs, or unusual access.
Guidance
This skill is low-risk and consistent with its description: it's just prose guidance for producing clearer code-review comments. You can install it without granting secrets or filesystem access. Keep in mind that if your agent is allowed to invoke skills autonomously, it may adopt stricter review behavior when using this guidance — test it on non-sensitive PRs first. If you want different tone or stricter/looser rules, edit the SKILL.md before enabling it.

Review Dimensions

Purpose & Capability
ok: The name and description match the SKILL.md guidance: it provides concrete advice for making review comments actionable. There are no unrelated requirements (no env vars, binaries, or installs).
Instruction Scope
ok: SKILL.md contains only guidance for writing review comments and how to point to lines/behaviors; it does not instruct the agent to read sensitive files, exfiltrate data, call external endpoints, or access credentials. The scope stays within review-style recommendations.
Install Mechanism
ok: No install spec and no code files — instruction-only. This is the lowest-risk install model and appropriate for the skill's purpose.
Credentials
ok: The skill declares no required environment variables, credentials, or config paths. That matches the simple, non-integrative nature of the guidance.
Persistence & Privilege
ok: always is false and model invocation is allowed (platform default). There is no request for permanent or elevated presence or to modify other skills or system settings.