ClawHub

AI Code Reviewer

v1.0.0

Automated code review — security vulnerabilities, performance issues, best practices, refactoring suggestions, and documentation gaps. Supports Python, JavaS...

0· 21·0 current·0 all-time
by@tktk-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (automated code review across many languages) aligns with what the skill asks for and does. It requires no binaries, credentials, or installs, which is proportionate for an instruction-only reviewer that operates on user-supplied code or file paths.
Instruction Scope
SKILL.md confines actions to reviewing pasted code or user-provided file paths and producing PR-style comments. It does not instruct the agent to read system files or environment variables unrelated to a review. Note: allowing file-path input means the agent will read whatever files the user points it at (including potentially sensitive files) — this is expected for a code-review tool but worth caution. The SKILL.md references helper docs (references/*.md) that are not present in the package.
Install Mechanism
No install spec and no code files — lowest-risk instruction-only skill. Nothing is downloaded or written to disk by the skill itself.
Credentials
The skill requests no environment variables, credentials, or config paths. There are no unexplained secret requests.
Persistence & Privilege
always:false and user-invocable:true (normal). The skill does not request persistent presence or system-wide config changes and does not claim to modify other skills.
Assessment
This skill appears coherent and does not ask for credentials or install arbitrary code. However: only paste or point the skill at code you are comfortable sharing (do not paste secrets, private keys, or production credentials). If you provide file paths, ensure the agent's environment is allowed to access those files and that they do not contain sensitive data. Review the AI's suggested fixes before applying them (especially security fixes), and consider running results by a human reviewer. Note the skill references auxiliary docs that were not included — that may limit some guidance but is not a security issue by itself.

Like a lobster shell, security has layers — review code before you run it.

latestvk978n38djnh96tsdrgf18shngd84fpc4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments