Skylv Automated Code Reviewer

Pass. Audited by ClawScan on May 10, 2026.

Overview

This looks like a documentation-only code-review skill, but it references an unsupplied Node script and optional PR/auto-fix features that users should verify before running.

Treat this as documentation rather than a complete working package. Verify any `review.js` implementation before running it, avoid auto-fix or auto-approval defaults until you understand their impact, and use least-privilege access for any PR integration.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If a user or agent tries to follow the examples, they need to know where `review.js` comes from and whether it is trustworthy.

Why it was flagged

The documentation references a relative Node helper script, but the provided artifact set contains only SKILL.md and no review.js or install spec.

Skill content

`node review.js analyze --pr 42 --repo owner/repo`

Recommendation

Do not run `node review.js` unless you have verified the script source and intended working directory.

What this means

Running the command could execute local code and change files in the repository.

Why it was flagged

The skill provides command examples that would execute a local Node script and may modify repository files via `--fix`; this is expected for a lint/review workflow but should remain user-controlled.

Skill content

`node review.js lint --standard airbnb --fix`

Recommendation

Run commands only in trusted repositories and review file changes before committing them.

What this means

If connected to a code-hosting account, the tool could influence pull request approvals or merge checks.

Why it was flagged

The sample configuration includes auto-approval behavior, and the README also mentions PR integration and blocking merges; these would require repository authority if implemented.

Skill content

`"autoApprove": ["docs-only", "formatting"]`

Recommendation

Use least-privilege repository credentials and require human review before enabling auto-approval or merge-blocking behavior.