Code Review Assistant

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill shows no sign of data theft or destructive behavior, but it advertises genuine code and security review while its bundled script returns canned results without analyzing the requested code.

Do not rely on this skill for real code review or security scanning unless it is updated to actually inspect your code. It appears low-risk for data exposure, but its current output is a canned example that may be misleading.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI09: Human-Agent Trust Exploitation
Severity: Medium
What this means

A user may believe their code was checked for bugs or vulnerabilities when it was not, creating a false sense of security.

Why it was flagged

In the review command, the script announces it is reviewing the user's target, then prints a fixed report for example.js. The provided code does not read, parse, or analyze the requested target.

Skill content
echo "📁 Reviewing: $TARGET" ... cat << 'REPORT' ... File: example.js ... echo -e "${GREEN}✅ Review complete!${NC}"
Recommendation

Treat this as a mock or template unless real analysis is added. The skill should clearly disclose canned output or implement actual scoped code scanning before users rely on its results.