by 安全扫描
OpenClaw
安全
high confidenceNULL
评估建议
This skill is a text-based checklist and appears coherent and low-risk: it doesn't ask for credentials or install anything automatically. Before installing or copying files suggested in the README, verify the source (GitHub repo/owner) since the README points to external locations. If you plan to add it to an environment where skills run code, prefer installing from a trusted registry or inspect the repository contents first. If you need higher assurance, request a homepage or repository link an...详细分析 ▾
✓ 用途与能力
The skill's name and description match the SKILL.md content: a systematic checklist for security, performance, correctness, maintainability, testing, etc. It does not request unrelated binaries, environment variables, or credentials.
✓ 指令范围
SKILL.md contains review checklists, guidance, and manual installation instructions (npx/cloning/copying files). It does not instruct the agent to read user secrets, system-wide config, or exfiltrate data. The scope stays within code-review/checklist guidance.
ℹ 安装机制
The registry entry itself has no install spec (lowest risk). README/SKILL.md include manual install examples (npx, copying from ~/.ai-skills or GitHub). Those are normal for sharing skills but, if followed, would pull code from external locations — verify the source before running such commands.
✓ 凭证需求
No environment variables, secrets, or credential requests are declared or used in SKILL.md. Nothing disproportionate is requested for a checklist-style skill.
✓ 持久化与权限
Flags are default (always:false, user-invocable:true, autonomous invocation allowed). The skill does not request permanent presence or modify other skills; privileges are appropriate for a user-invoked checklist.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/2/10
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install code-review
镜像加速npx clawhub@latest install code-review --registry https://cn.longxiaskill.com