Code Review Cycle
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The artifacts describe a transparent code-writing and review workflow; the main risks are expected workspace edits and sharing code context between selected agents.
This appears safe for its intended purpose. Before installing or invoking it, be aware that it is designed to let a coding agent change files in your workspace and to pass code-review context between selected agents. Use version control, review diffs, and avoid including secrets in prompts or code snippets.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The selected coding agent may modify project files, and optional rounds can repeat that process within the user-specified limit.
The skill intentionally grants the coding role file-write authority, which is central to the stated code-review-cycle purpose but can still affect the user's workspace.
| **A (Coder)** | Writes code, modifies files, implements features | ✅ Can write files |
Use the skill in a version-controlled workspace, keep --rounds low or at 0 unless you want automatic iterations, and review diffs before merging.
Private code, diffs, or task details may be visible to both the coding and review agents selected for the workflow.
The workflow passes A's generated output or code-change context to B for review, which is expected for this skill but means both selected agents may see the task and code context.
"task": "Review 以下代码改动...代码内容:[粘贴 A 的输出]"
Only use agents and workspaces appropriate for the sensitivity of the code being reviewed.
Conversation history may contain implementation details, review comments, or code snippets from the workflow.
The skill discloses that the main session retains workflow history for traceability; this is purpose-aligned but may include code-review context.
The main session acts as the dispatcher and keeps all history for traceability
Avoid including secrets in prompts or diffs, and clear or manage session history according to your normal privacy practices.
