This skill is specifically for the Clawpatch CLI (openclaw/clawpatch, https://clawpatch.ai) — an npm-installed automated code-review and per-finding fix tool...
Security Analysis
high confidence
This skill is a disclosed operating guide for the Clawpatch code-review CLI, with expected terminal use, local review state, and user-directed fixing workflows.
The artifacts consistently describe a Clawpatch-specific workflow for running automated code review, reading findings, and optionally fixing or opening PRs; those capabilities match the stated software-development purpose.
The skill limits activation to explicit Clawpatch requests, warns not to use it for generic code review, and includes guardrails around false positives, dirty worktrees, force flags, provider login, and parallel fixing.
Installation relies on an npm package named clawpatch and optional provider CLIs or API credentials; this is disclosed and coherent with the CLI integration purpose.
Terminal access, repository scanning, .gitignore edits, new worktrees, and optional PR creation are high-impact capabilities, but the instructions keep them tied to explicit user requests and review/fix workflows.
The skill discloses persistent .clawpatch/ state for findings and resume behavior, recommends gitignoring it with user confirmation, and does not instruct hidden background execution or credential harvesting.
Guidance
Install only if you intend to let your agent use Clawpatch on repositories. Expect it to run terminal commands, create local .clawpatch review state, use your configured provider CLI, and potentially apply code fixes or open PRs when you ask it to; review findings before allowing fixes.
Latest Release
v0.1.3
Publish clawpatch 0.1.3 from 81838d116d012eb3b6f1dd3cdb02e0c9ea91e209
Published by @tmchow on ClawHub