Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Requesting Code Review

Use when completing tasks, implementing major features, or before merging to verify work meets requirements

MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description match the instructions: it guides requesting a code review and dispatching a code-reviewer subagent. However the SKILL.md expects a template file (requesting-code-review/code-reviewer.md) and the presence of git in the environment even though the skill metadata declares no required binaries or files.
Instruction Scope
Instructions ask the agent to run git commands (git rev-parse, git log) and to dispatch a 'superpowers:code-reviewer' subagent using a Task tool and a template path. The repository manifest contains only SKILL.md, so the referenced template file is not present here — the runtime instructions therefore refer to an external artifact and an external subagent whose behavior and permissions are unknown. This creates ambiguity and a potential failure or unexpected delegation at runtime.
Install Mechanism
No install spec and no code files are present; the skill is instruction-only and does not write to disk during installation.
Credentials
The skill declares no environment variables or credentials (appropriate for its stated purpose). That said, it implicitly requires git and an accessible repository context and also depends on a separate 'superpowers:code-reviewer' subagent or service that may require credentials — those dependencies are not declared.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request persistent presence or elevated platform privileges in the provided metadata.
What to consider before installing
This skill is mostly harmless and fits its stated purpose, but before installing or using it:

  (1) confirm that the code-reviewer template (requesting-code-review/code-reviewer.md) actually exists where the skill expects it — the bundle you provided only contains SKILL.md;
  (2) ensure the agent runtime has git and access to the repository (the instructions run git commands but the skill metadata doesn't declare git as a required binary);
  (3) verify what the 'superpowers:code-reviewer' subagent is and what permissions/credentials it needs or uses (the skill delegates review work to that subagent, which could perform actions you should audit); and
  (4) if you rely on this in automation, update the skill metadata to declare git and any required template or credentials so its behavior is explicit.

If those points are resolved, the skill is coherent; if not, it may fail or delegate in unexpected ways.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.0
latestvk97f7gtq0mj34zbarqfxmnhdss83k3rp

Runtime requirements

👀 Clawdis

SKILL.md

Requesting Code Review

Dispatch superpowers:code-reviewer subagent to catch issues before they cascade.

Core principle: Review early, review often.

When to Request Review

Mandatory:

  • After each task in subagent-driven development
  • After completing a major feature
  • Before merge to main

Optional but valuable:

  • When stuck (fresh perspective)
  • Before refactoring (baseline check)
  • After fixing a complex bug

How to Request

1. Get git SHAs:

BASE_SHA=$(git rev-parse HEAD~1)  # or origin/main
HEAD_SHA=$(git rev-parse HEAD)

2. Dispatch code-reviewer subagent:

Use the Task tool with the superpowers:code-reviewer type and fill in the template at code-reviewer.md

Placeholders:

  • {WHAT_WAS_IMPLEMENTED} - What you just built
  • {PLAN_OR_REQUIREMENTS} - What it should do
  • {BASE_SHA} - Starting commit
  • {HEAD_SHA} - Ending commit
  • {DESCRIPTION} - Brief summary

3. Act on feedback:

  • Fix Critical issues immediately
  • Fix Important issues before proceeding
  • Note Minor issues for later
  • Push back if reviewer is wrong (with reasoning)
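
A pre-flight check for step 1 that also covers the undeclared dependencies the scan reports (git, a repository context, the template file). This is an added example, not part of the skill or the scanner's output; the function names preflight, resolve_sha and review_range are hypothetical.

```sh
#!/bin/sh
# Added example: pre-flight checks before dispatching the review.
# Function names and messages are illustrative assumptions.

# preflight TEMPLATE: check the dependencies the skill metadata leaves
# undeclared. Prints one line per problem; returns 0 only if all pass.
preflight() {
    template=$1
    rc=0
    if ! command -v git >/dev/null 2>&1; then
        echo "missing: git binary"
        return 1
    fi
    if [ "$(git rev-parse --is-inside-work-tree 2>/dev/null)" != true ]; then
        echo "missing: git repository context"
        rc=1
    fi
    if [ ! -f "$template" ]; then
        echo "missing: template $template"
        rc=1
    fi
    return "$rc"
}

# resolve_sha REV: print the full SHA if REV names a commit, else fail.
resolve_sha() {
    git rev-parse --verify --quiet "${1}^{commit}"
}

# review_range [BASE_REV]: print "BASE_SHA HEAD_SHA" (default base HEAD~1).
# Fails closed on an empty or option-like base (e.g. a grep lookup that
# matched nothing), an unresolvable revision, or a base outside HEAD's history.
review_range() {
    base_rev=${1-"HEAD~1"}
    case $base_rev in
        ''|-*) echo "rejected base revision: '$base_rev'" >&2; return 1 ;;
    esac
    head_sha=$(resolve_sha HEAD) || { echo "cannot resolve HEAD" >&2; return 1; }
    base_sha=$(resolve_sha "$base_rev") || {
        echo "cannot resolve base: $base_rev" >&2; return 1; }
    if ! git merge-base --is-ancestor "$base_sha" "$head_sha"; then
        echo "base $base_sha is not an ancestor of HEAD" >&2
        return 1
    fi
    echo "$base_sha $head_sha"
}
```

Run preflight with the template path the skill references, then pass the two SHAs printed by review_range into the {BASE_SHA} and {HEAD_SHA} placeholders only if both calls succeed.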

Example

[Just completed Task 2: Add verification function]

You: Let me request code review before proceeding.

BASE_SHA=$(git log --oneline | grep "Task 1" | head -1 | awk '{print $1}')
HEAD_SHA=$(git rev-parse HEAD)

[Dispatch superpowers:code-reviewer subagent]
  WHAT_WAS_IMPLEMENTED: Verification and repair functions for conversation index
  PLAN_OR_REQUIREMENTS: Task 2 from docs/plans/deployment-plan.md
  BASE_SHA: a7981ec
  HEAD_SHA: 3df7661
  DESCRIPTION: Added verifyIndex() and repairIndex() with 4 issue types

[Subagent returns]:
  Strengths: Clean architecture, real tests
  Issues:
    Important: Missing progress indicators
    Minor: Magic number (100) for reporting interval
  Assessment: Ready to proceed

You: [Fix progress indicators]
[Continue to Task 3]

Integration with Workflows

Subagent-Driven Development:

  • Review after EACH task
  • Catch issues before they compound
  • Fix before moving to next task

Executing Plans:

  • Review after each batch (3 tasks)
  • Get feedback, apply, continue

Ad-Hoc Development:

  • Review before merge
  • Review when stuck

Red Flags

Never:

  • Skip review because "it's simple"
  • Ignore Critical issues
  • Proceed with unfixed Important issues
  • Argue with valid technical feedback

If reviewer is wrong:

  • Push back with technical reasoning
  • Show code/tests that prove it works
  • Request clarification

See template at: requesting-code-review/code-reviewer.md

Files

1 total