Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Consolidate
v0.1.0
Consolidate and respond to external feedback on PRs/issues. pr-review - review AI bot feedback (CodeRabbit, Copilot) and post summary comments [pr-review.md]...
by es6kr@drumrobot
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
The name/description match the runtime instructions: the skill collects AI bot review comments, classifies them, optionally makes fixes with explicit user approval, and posts an AI Review Summary. That purpose legitimately requires interacting with git/GitHub and editing repository files. However, the skill does not declare any required binaries (gh, git) even though the instructions rely heavily on them.
Instruction Scope
SKILL.md and pr-review.md are narrowly focused on PR review consolidation: identify PR, collect comments via gh, classify AI feedback, ask the user whether to fix, optionally apply edits, and post a summary. The instructions explicitly require user approval before fixes or pushes and mandate branch-ownership checks. There are no instructions to exfiltrate data to third-party endpoints beyond GitHub.
Install Mechanism
No install spec or code is included (instruction-only), which minimizes disk writes. But the skill implicitly depends on external CLIs (gh, git) and a configured environment — this dependency is not declared, which could lead to surprising behavior at runtime.
Credentials
The skill will need GitHub API access and ability to push commits (gh/git + auth) to perform its tasks, yet requires.env and primary credential fields are empty. Allowed tools include Bash, Read, Write, and Edit, which permit arbitrary shell and file operations in the repository. The absence of an explicit GITHUB_TOKEN/GH_TOKEN or a note about required gh auth is an important omission and increases risk if the agent runs with broad credentials.
Persistence & Privilege
The skill is not always-on and does not request system-wide persistence or modify other skills. Autonomous invocation is enabled by default (normal for skills), but the instructions demand explicit user approval before making commits or pushes, limiting autonomous destructive actions.
What to consider before installing
This skill appears to do what it says — consolidate AI bot PR reviews and post summaries — but you should not install it silently. Before using, verify the runtime environment: ensure gh and git are intentionally available and authenticated. Prefer giving the skill a least-privilege GitHub token (or require interactive gh login) rather than broad account tokens. Test on a fork or non-critical repo first. Note that the skill can run shell commands and edit files (AskUserQuestion + Bash + Edit + Write are allowed), so confirm the agent's behavior and that interactive approvals are enforced. If you need stricter safety, ask the author to:
(1) declare required binaries and env vars (gh/git, GITHUB_TOKEN),
(2) add a dry-run mode, and
(3) limit token scope and document exactly what commands will run.

Like a lobster shell, security has layers — review code before you run it.
latest vk977t66c43850d6kmj1dytdsc184xdcc