AI Code Review
PassAudited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill Name: ai-code-review-ops Version: 1.1.0 The skill bundle provides an AI agent with extensive permissions to execute shell commands (gh, git, npm, etc.) and push code changes directly to repositories to resolve CI/CD failures, as detailed in SKILL.md and reference.md. While these capabilities are aligned with the stated 'Code Review Ops' purpose and the documentation promotes security best practices (e.g., fixing SQL injection and hardcoded credentials in examples.md), the automated nature of code modification and pushing represents a high-risk surface. No evidence of intentional malice, data exfiltration, or obfuscation was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could commit unrelated local changes or push an incorrect fix to a PR, affecting collaborators and CI results.
This turns a review/CI-check workflow into broad repository staging, committing, and pushing. The artifact does not require explicit user approval or file-level scoping before the remote change.
**自分が作成したPR**: 失敗原因を分析し、修正を実施 ... `git add .` ... `git commit -m "fix: resolve CI failures"` ... `git push`
Require an explicit confirmation step before any commit or push, show the proposed diff, avoid git add ., stage only named files, and let the user approve the exact branch and message.
A malicious or compromised project script could run commands on the user's machine if the agent executes it.
Running project-defined npm scripts is expected when reproducing CI, but those scripts execute code from the repository and can be risky for untrusted branches.
CI失敗を事前に防ぐため、プッシュ前にローカルで実行: `npm run type-check` ... `npm run lint` ... `npm test` ... `npm run build` ... `npm run ci`
Run project scripts only in trusted repositories or a sandbox, and ask the user before executing scripts from unfamiliar PRs.
The skill may use whatever repository permissions are already available through gh or git.
The skill expects use of the user's GitHub CLI authentication to read PR and CI information. This is purpose-aligned, but it means actions occur under the user's GitHub identity.
GitHub CLI (`gh`) - PR情報とCI/CDステータスの取得用 ... `gh auth login`
Use least-privilege GitHub credentials, confirm the target repository and branch, and restrict write-capable actions unless explicitly requested.
The skill may not work unless the user installs and authenticates GitHub CLI, and those tools bring their own permissions and update/provenance considerations.
The skill is instruction-only but asks the user to rely on external local tooling. This is normal for GitHub review workflows, but users should notice that the registry metadata declares no required binaries.
## Dependencies - Git ... - GitHub CLI (`gh`) ... インストール方法: ```bash brew install gh ```
Install GitHub CLI from trusted sources, keep it updated, and consider declaring Git and gh as requirements in the skill metadata.