Skylv Automated Code Reviewer
PassAudited by VirusTotal on May 3, 2026.
Overview
Type: OpenClaw Skill Name: skylv-automated-code-reviewer Version: 1.0.1 The skill bundle consists of metadata and documentation for an automated code review utility. The SKILL.md file describes standard development tasks such as bug detection, security scanning, and linting using a script named review.js. No malicious instructions, prompt injections, or suspicious exfiltration patterns were found in the provided files.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user or agent tries to follow the examples, they need to know where `review.js` comes from and whether it is trustworthy.
The documentation references a relative Node helper script, but the provided artifact set contains only SKILL.md and no review.js or install spec.
node review.js analyze --pr 42 --repo owner/repo
Do not run `node review.js` unless you have verified the script source and intended working directory.
Running the command could execute local code and change files in the repository.
The skill provides command examples that would execute a local Node script and may modify repository files via `--fix`; this is expected for a lint/review workflow but should remain user-controlled.
node review.js lint --standard airbnb --fix
Run commands only in trusted repositories and review file changes before committing them.
If connected to a code-hosting account, the tool could influence pull request approvals or merge checks.
The sample configuration includes auto-approval behavior, and the README also mentions PR integration and blocking merges; these would require repository authority if implemented.
"autoApprove": ["docs-only", "formatting"]
Use least-privilege repository credentials and require human review before enabling auto-approval or merge-blocking behavior.