      Safety Report

      AANA Code Change Review Skill

      @mindbomber

      Reviews and verifies code changes for scope, correctness, security, testing, secrets, and risks before commits, PRs, or deployments.

      23 Downloads
      0 Installs
      1 Stars
      1 Versions
      Security & Compliance (3,689), DevOps & Infrastructure (2,137), Git & Version Control (1,782), Automated Testing (1,300)

      Security Analysis

      medium confidence
      Suspicious (0.04 risk)

      The skill’s instructions are mostly safety-focused, but its capability signals claim wallet, purchase, transaction-signing, and sensitive-credential access that does not fit the stated code-review purpose.

      May 2, 2026, 5 files, 3 concerns

      Purpose & Capability: concern

      The SKILL.md and README describe an instruction-only code-change review guardrail, but the provided capability signals list high-impact wallet, purchase, transaction-signing, and sensitive-credential capabilities that are not explained by the code-review purpose.

      Instruction Scope: ok

      The visible instructions are bounded and safety-oriented: they tell the agent to verify scope, avoid secrets, report only observed tests, and seek approval before destructive commands or publishing.

      Install Mechanism: ok

      No install spec or code files are present; the manifest says dependencies are not installed and commands are not executed.

      Credentials: concern

      For an instruction-only code-review skill, wallet, purchase, signing, and sensitive-credential capability signals appear disproportionate and unexplained.

      Persistence & Privilege: note

      The manifest states no memory persistence and no file writes, but the capability signals still suggest sensitive privilege requirements that should be clarified before installation.

      Guidance

      The skill text itself appears to be a benign code-review checklist, but the listed capability signals are unusually broad for that purpose. Before installing, verify whether those signals are platform permissions or false positives; if they are real, decline the unnecessary wallet, purchase, signing, and sensitive-credential access.

      Latest Release

      v1.0.0

      Initial release of the AANA Code Change Review Skill:

      - Provides detailed instructions and principles for safe, reviewable, and reversible code changes.
      - Defines pre-flight checks, test claim rules, scope creep rules, and secret leakage policies.
      - Outlines risk classes, destructive command handling, and review/approval loops.
      - Specifies output and review summary patterns for code-sensitive operations.
      - Ensures agents do not run commands, persist changes, or process secrets directly.

      Published by @mindbomber on ClawHub
