Skill v1.0.0

ClawScan security

PR Doctor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious (Apr 20, 2026, 7:43 PM)

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini

Summary:
The skill's stated purpose (automated PR review pipeline) is plausible and mostly coherent, but the runtime instructions expect external tooling/permissions (gh CLI, Git repo access, and an output channel like Feishu) that are not declared as requirements—this mismatch and the fact it will read repo code, create GitHub issues, and write local learning logs merit caution.
Guidance:
Before installing or enabling PR Doctor, check the following: (1) It expects the 'gh' CLI and an authenticated GitHub session—ensure you understand which account will be used (read vs write permissions). (2) The skill will read PR diffs and repository files and may create GitHub Issues automatically—sensitive code or secrets could be captured in issue bodies or local logs. Consider disabling automatic issue creation (or require confirmation) and run the skill on non-sensitive repositories first. (3) workflow.json lists 'feishu' as an output channel but no Feishu credentials are declared—confirm how and where reports will be posted. (4) The skill source and homepage are unknown; verify the provenance (who is 'PR Doctor Team') and inspect the concrete implementations of the delegated skills (code-review-skill, github-issues-skill, etc.) before granting broad permissions or enabling autonomous invocation. If you cannot verify those, treat this skill as untrusted and restrict it to manual, non-privileged runs.

Review Dimensions

Purpose & Capability
Rating: note
The name/description and the workflow (code review → test analysis → create issues → log learnings) match each other and the included workflow.json. Delegating to specialized skills (code-review-skill, testing-patterns, github-issues-skill, self-improvement) is coherent for the stated goal.
Instruction Scope
Rating: concern
SKILL.md explicitly instructs using 'gh pr diff' and reading PR diffs, creating issues, and writing a .learnings/ directory. That means the agent will read repository code (potentially the whole repo depending on how diffs are gathered), create external GitHub Issues (which may expose findings publicly), and write files locally—actions that go beyond simple summarization. These behaviors are coherent with purpose but are impactful and should be consented to; the SKILL.md also assumes gh is available and authenticated, which is not declared elsewhere.
Install Mechanism
Rating: ok
This is an instruction-only skill with no install spec or code to write to disk. That reduces installation risk. There is no download/execute step defined in the package itself.
Credentials
Rating: concern
The metadata lists no required env vars or binaries, but the instructions and workflow.json require 'gh' CLI authentication (gh auth login) and Git repo access. workflow.json also lists 'feishu' as an output channel, which would require credentials/integration that are not declared. The skill thus implicitly relies on credentials and tools not declared up front—this mismatch can lead to accidental use of existing authorized credentials or unexpected external posting.
Persistence & Privilege
Rating: note
always:false (normal). The skill writes local logs into '.learnings/' (self-improvement step)—that is moderate persistence limited to its own files but could capture sensitive code snippets. It does not request to modify other skills or global configuration.