by 安全扫描
OpenClaw
安全
high confidenceNULL
评估建议
This skill appears to be what it says: a recipe for spawning an ephemeral code-review subagent. Before installing/using it, confirm that your agent environment provides the sessions_spawn API and that the cwd you supply points to the intended repository. Be careful not to include sensitive secrets in the git diff or the review prompt (credentials, private keys, API tokens); redact or exclude those files. Prefer ephemeral project paths and least-privilege subagent runtimes, and validate any subag...详细分析 ▾
✓ 用途与能力
The name/description promise (dispatch code-review subagent) matches the SKILL.md: it explains collecting a git diff, preparing a review prompt, and calling sessions_spawn to run a subagent. No unrelated binaries, env vars, or config paths are requested.
✓ 指令范围
Runtime instructions focus on preparing review context (git diff, summary, SHAs) and spawning a review session. They do not instruct reading unrelated system files, exfiltrating session history, or sending data to external endpoints. The use of cwd and /tmp is typical for repository-based workflows.
✓ 安装机制
This is an instruction-only skill with no install spec and no code files — lowest-risk install posture. There is nothing downloaded or written by an installer.
✓ 凭证需求
The skill declares no required environment variables or credentials. It expects access to a git repository (running git diff/log), which is coherent for a code-review helper. No unrelated credentials or secrets are requested.
✓ 持久化与权限
always is false and autonomous invocation is allowed (platform default). The skill does not request persistent system presence or modification of other skills' configurations.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/3/26
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install openclaw-requesting-code-review
镜像加速npx clawhub@latest install openclaw-requesting-code-review --registry https://cn.longxiaskill.com