Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Task Review Workflow

Standard PR review and merge workflow for task-driven development. Use when reviewing a programmer agent PR linked to a task, deciding merge vs change reques...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 535 · 1 current installs · 1 all-time installs
by Md. Mushraful Hoque Anik @anikgnr
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
The name/description match the instructions: the SKILL.md describes how to review PRs, decide outcomes, perform merge-time housekeeping, and hand off results. All requested actions (review diffs, run tests, delete branches, move task cards) are consistent with a review workflow. Minor mismatch: the workflow expects a REVIEW_CHECKLIST.md and Trello post-merge steps but the skill does not include or declare those resources.
Instruction Scope
Instructions are narrowly scoped to PR review tasks (read PR and linked task, run tests, leave comments, merge or request changes, post-merge cleanup). They reference checking out branches, running tests/lints, reading REVIEW_CHECKLIST.md, and moving a Trello card — all reasonable for this workflow but they implicitly require repository and Trello access that the skill does not describe.
Install Mechanism
No install spec and no code files — lowest-risk instruction-only skill. Nothing will be written to disk by an installer provided by this skill.
Credentials
The SKILL.md calls for actions that may require credentials (git write/merge rights, and Trello API or UI access to move cards). The skill declares no required environment variables or credentials; this is not harmful but users should be aware additional credentials or separate skills will be needed for automated branch deletion and Trello updates.
Persistence & Privilege
always:false and no install or persistent config changes. The skill does not request elevated platform privileges or permanent presence.
Assessment
This skill is an instruction-only PR review checklist and looks coherent, but before installing consider:

(1) Ensure the agent/environment that will run this skill actually has repository access and the right to check out branches, run tests, and perform merges — grant the minimum necessary permissions.
(2) The workflow references a REVIEW_CHECKLIST.md that isn't included; make sure that file exists in your repo or provide the checklist.
(3) Post-merge Trello actions will require Trello access (API key/token or another Trello integration); the skill doesn't request credentials, so plan how the agent will authenticate (or perform the Trello steps manually).
(4) If you want fully automated merges and branch deletions, audit who/what has merge rights and consider gating merges behind CI.

If you want more assurance, request the skill author to document exact repo/Trello integration requirements or provide a version that declares needed environment variables.

Like a lobster shell, security has layers — review code before you run it.

Current version: v0.1.0
latest vk979w0wewzfq497g2z7378amgn818p84

SKILL.md

Task Review Workflow

Follow this workflow in order for every task-linked PR.

1) Gather Context

  • Read the PR description.
  • Open and read the linked task before reviewing code.
  • Confirm expected behavior and acceptance criteria from the task context.

2) Review Against Standard

  • Use REVIEW_CHECKLIST.md as the mandatory review baseline.
  • Check correctness, edge cases, regressions, security, performance, and test adequacy.

3) Review the Diff Thoroughly

  • Review file-by-file.
  • Flag logic flaws, unsafe assumptions, missing validation, unclear naming, dead code, and side-effect risks.

4) Validate Locally When Possible

  • Check out the PR branch.
  • Run relevant test/lint/build commands.
  • Exercise changed behavior directly where practical.

5) Write Clear Review Feedback

  • Leave actionable, specific CR comments.
  • Separate must-fix issues from optional suggestions.

6) Decide Outcome

  • If issues remain: request changes with a concrete fix list.
  • If quality is acceptable: approve/merge with a short merge note.

7) Execute Post-Merge Steps

  • Move the related Trello card to Done.
  • Delete the task branch after merge.
  • Never delete the main branch.

8) Complete Handoff

  • Send the final outcome back to the programmer agent:
    • merged, or
    • CR sent, or
    • waiting for fixes.
  • Ensure the next task starts only after this outcome message.
