Code Review ProMax
PassAudited by ClawScan on May 13, 2026.
Overview
This instruction-only code review skill appears purpose-aligned and read-oriented, though it may use git, GitHub, or GitLab tools/APIs to fetch code changes for review.
Before installing, understand that this skill is designed to review code changes and may fetch PR/MR/commit data from GitHub, GitLab, or local git tooling when you provide those references. The visible artifacts show no destructive or credential-stealing behavior, but the SKILL.md content supplied for review was truncated, so review the full prompt if you need higher assurance.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you provide a commit hash, PR, or MR link, the agent may read repository data through local tools or provider APIs instead of only reviewing pasted text.
The skill tells the agent to use local git/gh commands and GitHub/GitLab APIs to retrieve diffs and review context. These actions are central to the code-review purpose and appear read-only, but they mean linked reviews may involve command/tool use and external network requests.
提供 Git commit hash ... `git show <hash>` 或 `git diff <hash>~1 <hash>` 获取 diff ... `gh pr diff <pr_number> -R <owner>/<repo>` 获取 diff ... 使用 GitHub API ... 使用 GitLab API
Use this skill only with repositories and links you intend the agent to access; paste a diff manually if you want to avoid external fetching.