• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

Best possible solution:

Keep the setup direction, but require the fixed Crabbox/repo runner labels in the hydrate workflow and get owner approval for the resulting security/automation boundary.

Do we have a high-confidence way to reproduce the issue?

Yes for the review finding: source inspection shows the hydrate job selects self-hosted plus only the dynamic input label, while .crabbox.yaml declares fixed Crabbox/repo labels. No live dispatch was needed to verify the mismatch.

Is this the best way to solve the issue?

No; the setup is directionally maintainable, but the workflow should constrain self-hosted runner selection before merge or receive explicit owner acceptance of the dynamic-only boundary.

Label changes:

• add P2: This is normal-priority maintainer infrastructure work with a concrete workflow security/automation issue to resolve.
• add merge-risk: 🚨 security-boundary: The workflow selects self-hosted runners and writes Crabbox state/env handoff files, so runner targeting is a security boundary.
• add merge-risk: 🚨 automation: The PR adds a new manually dispatched self-hosted Crabbox hydration workflow that changes validation automation.
• add rating: 🦪 silver shellfish: Current PR rating is 🦪 silver shellfish because proof is 🌊 off-meta tidepool, patch quality is 🦪 silver shellfish, and The setup is coherent, but a security-sensitive workflow runner-boundary defect keeps the patch from being merge-ready.
• add status: ⏳ waiting on author: ClawSweeper has contributor-facing work open and is waiting for author action. Not applicable: The author is a repository member and this PR is maintainer setup/policy metadata, so the external contributor real-behavior proof gate does not apply.

Label justifications:

• P2: This is normal-priority maintainer infrastructure work with a concrete workflow security/automation issue to resolve.
• merge-risk: 🚨 automation: The PR adds a new manually dispatched self-hosted Crabbox hydration workflow that changes validation automation.
• merge-risk: 🚨 security-boundary: The workflow selects self-hosted runners and writes Crabbox state/env handoff files, so runner targeting is a security boundary.
• rating: 🦪 silver shellfish: Current PR rating is 🦪 silver shellfish because proof is 🌊 off-meta tidepool, patch quality is 🦪 silver shellfish, and The setup is coherent, but a security-sensitive workflow runner-boundary defect keeps the patch from being merge-ready.
• status: ⏳ waiting on author: ClawSweeper has contributor-facing work open and is waiting for author action. Not applicable: The author is a repository member and this PR is maintainer setup/policy metadata, so the external contributor real-behavior proof gate does not apply.

Full review comments:

• [P1] Require Crabbox labels on the hydrate runner — .github/workflows/crabbox-hydrate.yml:35
  The job currently matches any self-hosted runner carrying the user-supplied label. Since .crabbox.yaml already declares the fixed crabbox, openclaw, and discrawl labels, include those static labels in runs-on; otherwise a bad dispatch input can hydrate on the wrong self-hosted runner and write Crabbox state/env files there.
  Confidence: 0.84

Overall correctness: patch is incorrect
Overall confidence: 0.84

Security concerns:

• [medium] Dynamic-only self-hosted runner selection — .github/workflows/crabbox-hydrate.yml:35
  The hydrate workflow trusts the dispatch input as the only runner label besides self-hosted; requiring the fixed Crabbox/repo labels would reduce the chance of running the hydration job on an unintended self-hosted runner.
  Confidence: 0.84

Acceptance criteria:

• git diff --check
• ruby -e 'require "yaml"; YAML.load_file(".github/workflows/crabbox-hydrate.yml")'
• actionlint .github/workflows/crabbox-hydrate.yml

What I checked:

• PR diff scope: The patch adds eight setup files covering skills, .crabbox.yaml, a workflow_dispatch Crabbox hydrate workflow, CODEOWNERS additions, AGENTS.md, and SECURITY.md. (814528b696fd)
• Hydrate runner selection: The new hydrate job runs on self-hosted plus only the dynamic dispatch input label, so a bad input can select a self-hosted runner without the repo's fixed Crabbox labels. (.github/workflows/crabbox-hydrate.yml:35, 814528b696fd)
• Expected Crabbox labels: .crabbox.yaml declares the fixed runner labels crabbox, openclaw, and discrawl, which the workflow should also require when selecting the self-hosted runner. (.crabbox.yaml:19, 814528b696fd)
• Current ownership surface: Current main already routes workflows and repository security/package surfaces to openclaw-secops in CODEOWNERS. (.github/CODEOWNERS:1, 57a49be163a0)
• Workflow and CODEOWNERS provenance: History shows Peter Steinberger introduced the existing workflow/CODEOWNERS baseline in the v0.9.1 release commit. (.github/CODEOWNERS:1, 118dea0a308d)

Likely related people:

• @openclaw/openclaw-secops: Current CODEOWNERS protects workflows and the PR extends that ownership to skills, .crabbox.yaml, AGENTS.md, and SECURITY.md. (role: CODEOWNERS team for setup and security surfaces; confidence: high; commits: 118dea0a308d, 814528b696fd; files: .github/CODEOWNERS, .github/workflows/crabbox-hydrate.yml, .crabbox.yaml)
• Peter Steinberger: Git blame/log tie the existing workflow and CODEOWNERS baseline to the v0.9.1 release/setup history. (role: recent workflow and repository setup contributor; confidence: high; commits: 118dea0a308d, 57a49be163a0; files: .github/CODEOWNERS, .github/workflows/ci.yml, .github/workflows/codeql.yml)

Codex review notes: model gpt-5.5, reasoning high; reviewed against 57a49be163a0.

• Eggs appear after the PR passes real-behavior proof. It is here for vibes, not verdicts: it does not change labels, ratings, merge decisions, or automation.
• The shell reacts to review momentum: open follow-up work warms it up, re-review makes it wobble, and a clean final review lets it hatch.
• Hatchability usually comes from sufficient real-behavior proof, no blocking P0/P1/P2 findings, no security attention needed, and clean correctness. A merged PR is already final, so merge makes the egg hatchable independently.
• The hatch is seeded from this repository and PR number, so the same PR keeps the same creature; the reviewed head SHA can only change safe visual details.
• Rarity is just collectible sparkle: 🥚 common, 🌱 uncommon, 💎 rare, ✨ glimmer, and 🌈 legendary.