AI Code Review

Audited by ClawScan on May 11, 2026.

Overview

This appears to be a legitimate code-review helper, but it also tells the agent to fix, commit, and push code changes using your GitHub account without clearly requiring your approval.

Use this skill only if you are comfortable letting it inspect your repository and GitHub PR/CI information. Before use, tell the agent whether it is allowed to modify files; require a displayed diff and explicit confirmation before any commit, push, or dependency update; and verify the active GitHub account and local ~/.claude/CLAUDE.md contents.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent could accidentally publish unintended local changes or alter a repository when the user expected only a review.

Why it was flagged

The skill directs the agent to make fixes and push commits, including a broad `git add .`, without requiring explicit user approval or limiting the files to be committed.

Skill content
PRs created by the agent itself: analyze the cause of the failure and apply a fix ... git add . ... git commit -m "fix: resolve CI failures" ... git push
Recommendation

Require the agent to show the exact diff and ask for explicit confirmation before any git add, commit, push, dependency update, or CI-fix action; prefer targeted file adds over `git add .`.

What this means

Actions may run under the user's GitHub identity, including reading private PR/CI information and, with the push workflow, publishing repository changes.

Why it was flagged

The skill expects use of an authenticated GitHub CLI session. That is purpose-aligned for PR and CI review, but it is sensitive account access and is not declared in the registry credential metadata.

Skill content
GitHub CLI (`gh`) - for retrieving PR information and CI/CD status ... # Authentication
gh auth login
Recommendation

Authenticate gh only to the intended GitHub account and repository, use the least necessary scopes, and verify which account is active before running review or push workflows.

What this means

Users may not realize from the registry page that local Git/GitHub CLI setup is needed.

Why it was flagged

The skill documents external CLI dependencies even though the registry lists no required binaries. This is a metadata completeness issue rather than hidden code execution.

Skill content
## Dependencies

- Git (for checking change diffs)
- GitHub CLI (`gh`) - for retrieving PR information and CI/CD status
Recommendation

Declare Git and GitHub CLI requirements in metadata and document supported versions and safe setup steps.

What this means

Local persistent instructions could change review criteria or priorities across tasks.

Why it was flagged

The skill uses persistent local agent guidance as part of its review basis. This is disclosed and can be helpful, but stale or untrusted content in that file could influence review behavior.

Skill content
Provides a systematic code review based on the following guidelines (`~/.claude/CLAUDE.md`)
Recommendation

Review and trust the contents of ~/.claude/CLAUDE.md before relying on this skill for security or quality reviews.