yes, you should be able to check core/18/20 with it too … (note that local snaps in /var/lib/snapd/snaps have their permissions set in a way you can not scan them easily, so better do a “snap download core20” and use a fresh download)
(one thing to notice for these snaps is that these snaps do not ship proper manifest.yaml files but instead have a usr/share/snappy/dpkg.list inside that lists the binaries they were built from, review-tools has a special case in the code for this)