PR Code Reviewer
PassAudited by ClawScan on May 10, 2026.
Overview
This is an instruction-only PR code-review skill, and the scanner's secret finding appears to come from intentionally bad example code rather than an active credential.
This appears safe to install as an instruction-only code-review helper. Before using it in real PR automation, verify the omitted/reference rule files and ensure any CI or Bitbucket/GitHub integration you add uses appropriately scoped permissions and human review for merge decisions.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Users have less publisher/source context than they would with a linked repository, though the supplied artifact set does not execute code.
The skill's provenance is limited, but the same artifacts show there is no installer or code execution path in the supplied package.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Review the included rule files for fit with your team before adopting, and prefer a known repository or publisher provenance if available.