AI Code Review
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its code-review purpose, but its included code has weak URL/file sandboxing and a helper script that can restart system services, so it needs review before use.
Install or use this only after reviewing the code paths you plan to run. Provide dedicated OpenAI and Discord credentials, avoid untrusted diff URLs, keep voice files in a clearly bounded directory, and do not run the healthcheck script unless you want it to control system services such as Docker and nginx.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or mistaken diff URL could make the agent contact unintended internal or sensitive network endpoints.
The service fetches a user-supplied diff URL after only textual hostname checks; it allows HTTP and does not resolve or comprehensively block link-local, private IPv6, DNS-rebinding, or alternate IP forms.
ALLOWED_DIFF_SCHEMES = {"https", "http"} ... if hostname in ("localhost", "127.0.0.1", "0.0.0.0", "::1") or hostname.startswith("10.") ... resp = requests.get(diff_url, timeout=REQUEST_TIMEOUT)
Require HTTPS, allowlist expected code-hosting domains or repositories, resolve hostnames before fetching, block all private/link-local ranges, and require explicit approval for any internal-network override.
The agent could upload an unintended local file to OpenAI if a crafted path escapes the intended voice-note directory.
The voice-note sandbox uses a string prefix check, so paths in sibling directories with the same prefix can pass; any accepted file is then uploaded to OpenAI for transcription.
if not str(resolved).startswith(str(VOICE_NOTE_BASE_DIR)): ... with open(resolved_path, "rb") as audio_file: transcription = client.audio.transcriptions.create(model="whisper-1", file=audio_file)
Use Path.relative_to or equivalent canonical containment checks, restrict file types and sizes, and ask for clear user confirmation before uploading local files to a provider.
Running the script could disrupt local containers, web services, or other workloads on the machine.
If run, the helper checks and restarts broad host services and writes a protected log file, but the SKILL usage does not clearly present this privileged system-control behavior.
SERVICES=("nginx" "docker" "code-review-service" "whisper-api-gateway") ... LOG_FILE="/var/log/code_review_healthcheck.log" ... systemctl restart "$service"
Do not run the healthcheck unless you intentionally want it to manage those services; narrow the service list, add dry-run/confirmation behavior, and document required privileges and side effects.
Users may not realize the skill needs an OpenAI key and may post messages to a Discord channel through the configured webhook.
The skill needs provider credentials and a webhook for its stated integrations, but the registry metadata declares no required environment variables or primary credential.
`OPENAI_API_KEY` | Yes | OpenAI API key for Whisper transcription | ... `DISCORD_WEBHOOK_URL` | No | Discord webhook for review notifications |
Declare these credentials in metadata and use least-privilege keys/webhooks dedicated to this skill.
An agent or user may have to improvise setup, which can lead to running the wrong file or installing undeclared packages.
Despite being instruction-only, the artifacts include runnable Python and shell code, undeclared Python dependencies, and a documented command path that does not match the provided file path.
No install spec — this is an instruction-only skill.
Add a clear install/run specification, declare dependencies and environment variables, and make the documented command match the packaged file path.
