Review Pr

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: gitee-review-pr
Version: 1.0.0

The skill bundle provides a standard workflow for performing code reviews on Gitee Pull Requests using the Model Context Protocol (MCP). The instructions in SKILL.md guide the agent through fetching PR details, analyzing diffs, and posting structured feedback via legitimate MCP tools (e.g., get_pull_detail, comment_pull), with no evidence of malicious intent, data exfiltration, or unauthorized execution.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent could post an AI-generated review to a Gitee PR under the configured account, which may be visible to collaborators or the public and could affect a development workflow.

Why it was flagged

This instructs the agent to publish a remote PR comment as the default workflow, but the artifact does not require an explicit user confirmation or preview before posting.

Skill content

### Step 6: Post Review Comment

Use `comment_pull` to post the review to the PR.

Recommendation

Change the workflow to draft the review in chat first, verify the exact repository and PR number, and only call `comment_pull` after the user explicitly approves posting.

What this means

PR reads and comments will use the permissions and identity configured in the Gitee MCP server.

Why it was flagged

The skill relies on a configured Gitee MCP server, which likely acts with the user's or workspace's Gitee permissions.

Skill content

requires:
  mcp-servers:
    - gitee

Recommendation

Use a least-privileged Gitee token or account and confirm which identity the MCP server uses before allowing the skill to post comments.

What this means

If a local `mcporter` binary is used, MCP calls depend on that local tool's behavior and provenance.

Why it was flagged

The skill prefers an optional local CLI helper that is not provided or version-pinned in the artifact set.

Skill content

If you have `mcporter` installed locally, you should use `mcporter` to invoke the MCP tool instead of directly calling the MCP tool.

Recommendation

Only use a trusted, known installation of `mcporter`, or use the configured Gitee MCP tools directly.