ClawHub

Review Elixir

v1.0.0

Comprehensive Elixir/Phoenix code review with optional parallel agents

0· 57·1 current·1 all-time
byKevin Anderson@anderskev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the runtime instructions: the SKILL.md focuses on reviewing Elixir/Phoenix diffs, running mix tools, detecting frameworks, and loading specialty review skills. One small mismatch: the registry metadata declares no required binaries, yet the instructions assume local tools (git, mix, grep, head, etc.) are available.
Instruction Scope
The instructions stay within review boundaries: they operate on the repository diff, run linters/formatters, detect technologies, and load specialized skills. They do not direct data to external endpoints or request unrelated system credentials. They do ask to check repository files such as CLAUDE.md and to load other 'beagle-elixir:*' skills via the Skill tool (expected for a composite reviewer).
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing will be written to disk by the skill itself. That is low-risk and coherent for a review-only tool.
Credentials
No environment variables or credentials are requested, which aligns with the stated purpose. However, the SKILL.md implicitly requires local CLIs (git, mix, grep, head) and optionally dialyzer/credo; these are not listed in required binaries. Confirming presence of those tools is necessary for the skill to function.
Persistence & Privilege
The skill is user-invocable, not always-on, and does not request elevated persistence or modify other skills or system-wide settings. The header sets disable-model-invocation: true (disables model invocation), which reduces risk rather than increasing it.
Scan Findings in Context
[no-code-files-to-scan] expected: The regex scanner reported no findings because this is an instruction-only skill (only SKILL.md present). This is expected; security-relevant behavior comes from the instructions themselves.
Assessment
This skill appears to do what it says: run an Elixir/Phoenix review over the diff and orchestrate specialized sub-skills. Before installing, confirm the runtime environment has git, the Elixir toolchain (mix, credo, dialyzer if needed), and common POSIX utilities (grep, head), since the SKILL.md assumes they exist but the skill metadata doesn't list them. Also review any 'beagle-elixir:*' skills this skill will load (they may request additional permissions or credentials). Finally, note that the skill runs commands against your repository (reads files and diffs) — don't install if you aren't comfortable permitting a review tool to read repository contents.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bzh4pz609ydf49dt8ec57nd84k4tp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments