Skillv1.0.0

ClawScan security

code-review-skill-agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 7, 2026, 12:56 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's instructions, requirements, and behavior are coherent with its stated purpose (automated backend code review); it is instruction-only, requests no credentials, and does not install anything.
Guidance: This skill is internally consistent and low-risk from an install perspective because it is instruction-only and requests no secrets. Before enabling it, consider: 1) the agent running the skill will read repository files (including any accidental secrets), so only grant it access to repos you trust; 2) if you do not want the agent to run reviews autonomously, set disable-model-invocation=true or require explicit user invocation; 3) the SKILL.md enforces process rules (e.g., requiring a '// Generated by skills.' marker) that may cause rejections—ensure your repo follows the referenced AGENTS.md and skills/skill-enforcement.skill.md conventions; 4) test the skill in a safe sandbox or with a limited-scope repo first to confirm behavior matches your expectations.

Purpose & Capability: okThe name and description (code review of backend changes per AGENTS.md) match the SKILL.md instructions: open repository files, compare changes against AGENTS.md and skills/skill-enforcement.skill.md, check tests, architecture, security, and produce findings. There are no unrelated environment variables or binaries requested.
Instruction Scope: noteThe instructions explicitly tell the agent to read repository files (AGENTS.md, skills/skill-enforcement.skill.md, changed source/tests). This is appropriate for code review, but it means the agent will access arbitrary repo contents — which could include secrets or other sensitive files if present. The enforced requirement for a '// Generated by skills.' marker is an operational policy embedded in the instructions (not a security issue), but could cause false rejections if the repo uses different markers.
Install Mechanism: okNo install spec and no code files — the skill is instruction-only, so nothing is downloaded or written to disk by the skill itself.
Credentials: okThe skill requests no environment variables, credentials, or config paths. There is no disproportionate credential demand.
Persistence & Privilege: okalways is false and the skill does not request persistent presence or modify other skills or system-wide settings. It remains user-invocable and can be allowed or disabled per normal agent controls.