Code Review

Audited by ClawScan on May 10, 2026.

Overview

This code-review skill is mostly coherent, but it tells the agent to make and push code changes with broad Git commands during CI failure handling without clearly requiring user approval.

Install only if you are comfortable with the skill using Git, GitHub CLI, CI logs, and local project files. Before letting it fix CI failures, require it to show the planned changes and diff, avoid `git add .`, and get explicit approval before any commit or push.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent could unintentionally stage unrelated local files, commit changes the user has not reviewed, and publish them to a remote branch.

Why it was flagged

The skill instructs the agent to fix CI failures and push commits, using broad `git add .`, without clearly requiring user confirmation or limiting which files may be staged.

Skill content

PRs you created yourself: analyze the cause of the failure and implement the fix ... git add .
git commit -m "fix: resolve CI failures"
git push

Recommendation

Require explicit user approval before modifying files, committing, or pushing; show the diff first; and use path-scoped `git add` instead of `git add .`.

What this means

The skill may use the user's existing GitHub permissions to inspect PRs, CI logs, and potentially push branches if the workflow reaches that step.

Why it was flagged

GitHub CLI authentication is expected for PR and CI review, but it gives the skill access through the user's GitHub identity and is not declared in the registry credential metadata.

Skill content

Checking a PR's CI/CD status requires the `gh` command. Installation: ... gh auth login

Recommendation

Use a least-privilege GitHub account or token where possible, and confirm before allowing any write operations.

What this means

Users may not realize before installation that the skill expects local developer tooling and GitHub CLI setup.

Why it was flagged

The skill depends on local Git and GitHub CLI tooling, while the registry metadata says there are no required binaries. This is disclosed in the skill text but not reflected in metadata.

Skill content

## Dependencies

- Git (for checking change diffs)
- GitHub CLI (`gh`) - for retrieving PR information and CI/CD status

Recommendation

Update metadata to declare Git/GitHub CLI requirements and keep installation/authentication steps explicit and user-driven.

What this means

If the local guidance file contains outdated, unsafe, or malicious instructions, the skill's review output may be biased or incorrect.

Why it was flagged

The review behavior is influenced by a persistent local guidance file. That is useful for user preferences, but a modified or poisoned file could affect future reviews.

Skill content

This skill provides systematic code review based on the following guidelines (`~/.claude/CLAUDE.md`)

Recommendation

Review `~/.claude/CLAUDE.md` periodically and avoid treating persistent local guidance as higher priority than the user's current request or safety rules.