ClawHub

Code Review Assistant Zhuyu28

v1.0.0

AI-powered code review assistant that analyzes code for bugs, security issues, performance problems, and style violations. Supports multiple programming lang...

0· 233·0 current·0 all-time
by@zhuyu28
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the provided code and guidelines. The included script performs static checks on files (Python/JS) and the guidelines file documents expected review rules — nothing requested (env, binaries, installs) is disproportionate to a code-review tool.
Instruction Scope
SKILL.md instructs the assistant to analyze provided code/files and to review included source. The runtime instructions do not ask the agent to read unrelated system files, environment variables, or send data to external endpoints.
Install Mechanism
No install spec is present (instruction-only plus a small local script). This is low-risk: nothing is downloaded or written to disk by an installer.
Credentials
The skill requires no environment variables, credentials, or config paths. The script reads only files you explicitly pass to it and does not read environment variables or other system-wide credentials.
Persistence & Privilege
always is false and the skill does not claim persistent/system-level presence or modify other skills. Autonomous invocation (disable-model-invocation=false) is the platform default and not by itself a concern here.
Assessment
This skill appears internally consistent and low-risk: it analyzes files you provide and asks for no credentials or installs. Before installing, note that the source/homepage is unknown (no external provenance), so only feed it code you are comfortable sharing with the skill. Do not pass secrets or private keys as sample files. Also be aware the bundled script imports subprocess (unused in current code) — while harmless as-is, unused imports could be leveraged if the code is later modified; if you plan to enable autonomous invocation, prefer skills from known publishers or review the source yourself first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ctm6zfmn3nw7hrsam547j0d82dzpj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments