Beta Code Review

v1.0.0

Systematic code review patterns covering security, performance, maintainability, correctness, and testing — with severity levels, structured feedback guidanc...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The name, description, and included checklists all describe a PR/code-review aid. There are no unexpected required binaries, env vars, or config paths. Minor metadata inconsistencies exist (registry slug/owner vs _meta.json values and the skill title 'Beta Code Review' vs SKILL.md name 'code-review'), but these are editorial and do not change the capability.
Instruction Scope
SKILL.md contains only review guidance and checklists; it does not instruct the agent to read unrelated system files, access secrets, call external endpoints, or perform arbitrary shell execution. The only actionable lines are example install commands (npx clawhub@latest install code-review) which are user-run; runtime instructions themselves stay within the review scope.
Install Mechanism
No install spec in the registry (instruction-only). The README/SKILL.md reference npx-based installation and local copy operations (e.g., copying into ~/.ai-skills or .cursor/skills). That is a normal, low-risk install approach, but using npx or copying from remote repos can execute code fetched from the network — verify the source before running installs.
Credentials
The skill declares no required environment variables, credentials, or config paths. The checklist even advises on secrets management (not storing keys in source). There is no disproportionate credential request.
Persistence & Privilege
always is false, and model invocation is allowed (platform default). The skill does not request permanent presence or modification of other skills or agent-wide settings. No elevated privileges are requested.
Assessment
This skill is an instruction-only code-review checklist and appears coherent and low-risk. Before installing or running the npx installation commands, verify the skill's source (repository/owner) since the registry metadata and the packaged _meta.json/README show minor mismatches and no homepage is provided. If you plan to run the npx install, review the remote repo contents first and only install from a trusted location; avoid providing any credentials to the skill and prefer installing in an isolated environment if you are unsure.

Like a lobster shell, security has layers — review code before you run it.

