Code Review

v1.0.0

Systematic code review patterns covering security, performance, maintainability, correctness, and testing — with severity levels, structured feedback guidance, review process, and anti-patterns to avoid. Use when reviewing PRs, establishing review standards, or improving review quality.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign, high confidence
Purpose & Capability
The skill's name and description match the SKILL.md content: a systematic checklist for security, performance, correctness, maintainability, testing, etc. It does not request unrelated binaries, environment variables, or credentials.
Instruction Scope
SKILL.md contains review checklists, guidance, and manual installation instructions (npx/cloning/copying files). It does not instruct the agent to read user secrets, system-wide config, or exfiltrate data. The scope stays within code-review/checklist guidance.
Install Mechanism
The registry entry itself has no install spec (lowest risk). README/SKILL.md include manual install examples (npx, copying from ~/.ai-skills or GitHub). Those are normal for sharing skills but, if followed, would pull code from external locations — verify the source before running such commands.
Credentials
No environment variables, secrets, or credential requests are declared or used in SKILL.md. Nothing disproportionate is requested for a checklist-style skill.
Persistence & Privilege
Flags are default (always:false, user-invocable:true, autonomous invocation allowed). The skill does not request permanent presence or modify other skills; privileges are appropriate for a user-invoked checklist.
Assessment
This skill is a text-based checklist and appears coherent and low-risk: it doesn't ask for credentials or install anything automatically. Before installing or copying files suggested in the README, verify the source (GitHub repo/owner) since the README points to external locations. If you plan to add it to an environment where skills run code, prefer installing from a trusted registry or inspect the repository contents first. If you need higher assurance, request a homepage or repository link and review the files referenced by the install commands.

Like a lobster shell, security has layers — review code before you run it.
