AI Code Review
Pending. VirusTotal audit pending.
Overview
No VirusTotal analysis has been recorded yet. File reputation checks will appear here once the artifact hash has been scanned.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could accidentally publish unintended local changes or alter a repository when the user expected only a review.
The skill directs the agent to make fixes and push commits, including a broad `git add .`, without requiring explicit user approval or limiting the files to be committed.
PRs I created: analyze the cause of the failure and apply fixes ... git add . ... git commit -m "fix: resolve CI failures" ... git push
Require the agent to show the exact diff and ask for explicit confirmation before any git add, commit, push, dependency update, or CI-fix action; prefer targeted file adds over `git add .`.
Actions may run under the user's GitHub identity, including reading private PR/CI information and, with the push workflow, publishing repository changes.
The skill expects use of an authenticated GitHub CLI session. That is purpose-aligned for PR and CI review, but it is sensitive account access and is not declared in the registry credential metadata.
GitHub CLI (`gh`) - for fetching PR information and CI/CD status ... # authentication gh auth login
Authenticate gh only to the intended GitHub account and repository, use the least necessary scopes, and verify which account is active before running review or push workflows.
Users may not realize from the registry page that local Git/GitHub CLI setup is needed.
The skill documents external CLI dependencies even though the registry lists no required binaries. This is a metadata completeness issue rather than hidden code execution.
## Dependencies - Git (for checking change diffs) - GitHub CLI (`gh`) - for fetching PR information and CI/CD status
Declare Git and GitHub CLI requirements in metadata and document supported versions and safe setup steps.
Local persistent instructions could change review criteria or priorities across tasks.
The skill uses persistent local agent guidance as part of its review basis. This is disclosed and can be helpful, but stale or untrusted content in that file could influence review behavior.
Provides a systematic code review based on the following guidelines (`~/.claude/CLAUDE.md`)
Review and trust the contents of ~/.claude/CLAUDE.md before relying on this skill for security or quality reviews.
