Skill v1.0.0
ClawScan security
Create Pr · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 9, 2026, 8:13 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: Instructions, required capabilities, and requested access align with a Gitee PR-creation helper — nothing disproportionate or unrelated is requested.
- Guidance: This skill appears coherent for creating Gitee pull requests through a configured MCP server. Before installing/using it: ensure your platform's Gitee MCP credentials are correct and scoped appropriately (the skill will create PRs and can append 'closes #N' to close issues), review any generated PR title/body before the skill submits it, and avoid granting broader repo permissions than necessary. If you do not want the agent to create PRs autonomously, keep the skill user-invocable only and require explicit confirmation from you before calling create_pull.
Review Dimensions
- Purpose & Capability (ok): The skill's name and description match its instructions: it builds a PR title/body from a repo diff and calls Gitee MCP operations (compare_branches_tags, create_pull, etc.). Requiring a configured Gitee MCP server is appropriate for this purpose.
- Instruction Scope (ok): SKILL.md limits actions to fetching diffs, analyzing changes, generating a title/body, and invoking create_pull. It does not instruct reading unrelated system files, environment variables, or posting to external endpoints outside the declared MCP tools. It explicitly states to ask the user if information is missing.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files — nothing is written to disk or downloaded during install.
- Credentials (ok): No environment variables or extra credentials are requested by the skill itself. It depends on a pre-configured Gitee MCP server (platform-managed credentials), which is proportionate for creating PRs.
- Persistence & Privilege (ok): always is false and disable-model-invocation is not set to force disable; the skill is user-invocable and may be invoked autonomously by the agent (normal platform behavior). The skill does not request persistent system-wide privileges or modify other skills' configs.
