Skill v1.0.0

ClawScan security

PR Review Factory · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 28, 2026, 7:47 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's stated purpose (automating GitHub PR review) matches its behavior, but the runtime instructions require a GitHub token and repo-admin actions that are not declared in the metadata and the skill comes from an unknown source — proceed with caution.
Guidance
Before installing, verify and limit privileges:
1) Ask the publisher for clarification about required env vars (SKILL.md mentions GITHUB_TOKEN but metadata lists none) and for the source/homepage.
2) Use a least-privilege credential: prefer a fine-grained GitHub App or token scoped only to the specific repo and actions needed (issues, workflows, PR updates); avoid org-level or admin tokens.
3) Review generated GitHub Actions workflows and CI templates before they are committed/deployed — workflows can execute PR code and could be abused.
4) Test the skill on a non-production or forked repo first.
5) Confirm the provenance/trustworthiness of the referenced sub-skills (code-review-skill, github-issues-skill, github-actions-templates) — they are orchestrated but not included, so their behavior matters.
6) If you require automatic merging, consider adding a manual approval step or restrict merges to specific maintainers.
If you cannot verify the publisher or the downstream skills, avoid granting admin-level repo access.

Review Dimensions

Purpose & Capability
note: The skill claims to automate the full PR lifecycle (review → issues → CI → merge). That purpose legitimately requires GitHub API access and the ability to create workflows and issues; these capabilities align with the stated purpose. However, the skill metadata declares no required environment variables or credentials while the SKILL.md explicitly says a GITHUB_TOKEN is required — an inconsistency.
Instruction Scope
concern: SKILL.md instructs the agent to fetch PR diffs, create Issues, configure/deploy GitHub Actions workflows, check branch protection, and automatically mark/merge PRs. These actions operate on the user's repos and can change repository settings and add CI workflows. The instructions do not declare any external endpoints beyond GitHub or request unrelated local files, but they grant broad discretion to modify repo state (including deploying workflows), which can execute code from PRs. The missing explicit declaration of required credentials in the metadata increases risk.
Install Mechanism
ok: This is an instruction-only skill with no install spec and no code files — nothing is written to disk by the skill itself. That reduces installation risk; all runtime behavior is orchestration of other (named) skills.
Credentials
concern: The skill requires a GitHub token with repo read/write and possibly admin permissions (to deploy workflows and mark/merge PRs), but the registry metadata lists no required env vars or primary credential. Declaring no credentials while the instructions require GITHUB_TOKEN is a notable mismatch. Granting a token with repo-admin or org-level rights would be disproportionate unless you trust the skill and its components.
Persistence & Privilege
note: always:false and normal autonomous invocation are used (no forced inclusion). The skill will modify repository state (issues, workflows, PR merge status) if given permission — this is expected for its purpose but constitutes high-impact privileges within the repo. There's no indication the skill will persist beyond normal operation or alter other skills' configs.