ClawHub

PR Reviewer

v1.0.0

Reviews pull requests by detecting logic bugs, security risks, test gaps, API changes, and style issues, providing a structured report prioritizing block mer...

0· 82·1 current·1 all-time
by@lnguyen1996
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, and required inputs (git diffs, PR URLs, raw code) align with a code-review skill. It does not request unrelated binaries, credentials, or config paths.
Instruction Scope
SKILL.md stays within the review scope (logic, security, tests, API, perf, style). Two minor notes: (1) it accepts GitHub/GitLab PR URLs 'if accessible' — the document doesn't request credentials, so private PRs won't be reachable unless the agent/environment already has network access and auth; (2) the 'self-improvement' step implies tracking counts across reviews but gives no storage mechanism (see persistence).
Install Mechanism
No install spec and no code files — instruction-only skill, so nothing is written to disk or downloaded during install.
Credentials
The skill requires no environment variables or credentials. Users should avoid pasting secrets or private tokens in diffs/code they submit, since the skill explicitly flags 'secret or credential added to source'.
Persistence & Privilege
always:false and no explicit persistence are appropriate. The 'after 20 reviews, surface top 3 patterns' instruction implies maintaining state across sessions; the SKILL.md does not specify where/how to store that state, so either the agent will not persist it or it may try to use external storage if available. This is a capability gap to be aware of but not inherently malicious.
Assessment
This skill is coherent and instruction-only — it does what it says: reviews diffs and PRs. Before using: do not paste private tokens, passwords, or other secrets into the diff or code you submit; expect that GitHub/GitLab URLs for private repos will not be reviewed unless the agent/environment already has network access and appropriate credentials; and note the self-improvement feature implies counting reviews across runs but no storage is provided — if you need persistent metrics, provide a secure storage mechanism or avoid relying on that feature.

Like a lobster shell, security has layers — review code before you run it.

latestvk97838qptzmtn1vp0eq9gtbgp983dgnr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments