Security scan
OpenClaw
Safe
high confidence
Assessment and recommendations
This appears low-risk: it only describes reading diffs and producing reviews and has no installers or credential requests. Before using, consider: (1) avoid pasting sensitive secrets into diffs you give the skill; (2) if you want the agent to fetch private PRs, provide a least-privileged GitHub token and be aware the skill does not itself declare how it will use it; (3) the skill's source is unknown — if provenance matters, verify origin before granting any external access or tokens.
Detailed analysis
✓ Purpose and capabilities
Name and description match the runtime instructions: the skill focuses on reading a PR diff/metadata and producing a review. It does not request unrelated binaries, credentials, or system access.
ℹ Instruction scope
SKILL.md instructs the agent to resolve PR numbers, read PR metadata and full diffs and produce structured findings. This stays within the stated purpose. It is slightly ambiguous about whether the agent should fetch diffs from GitHub itself (which would require network access or a token) versus relying on a user-supplied diff — the skill does not declare any credentials or network steps.
✓ Install mechanism
There is no install spec and no code files beyond simple metadata and provenance docs, so nothing is written to disk or downloaded by the skill itself.
✓ Credential requirements
The skill declares no required environment variables, credentials, or config paths. This is proportionate to an instruction-only reviewer that operates on supplied diffs. (If you intend the agent to fetch private PRs, you may need to provide a GitHub token externally — that is not requested by the skill itself.)
✓ Persistence and privileges
always is false and there is no indication the skill requests persistent system-wide changes or modifies other skills' configs. It does not ask for persistent privileges.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest v1.0.0 2026/4/3
● Benign
Install command
Official: npx clawhub@latest install pr-audit
Mirror (accelerated): npx clawhub@latest install pr-audit --registry https://cn.longxiaskill.com