Li_codeQL_LLM

Security checks across malware telemetry and agentic risk

Overview

The skill's content is consistent with its stated CodeQL security-scanning purpose, but its artifacts expose Jenkins/Gitea credentials, encourage high-impact Jenkins pipeline changes, and send scan results to LLM/CI systems without adequately disclosing it.

Use this only in an authorized test or internal environment. Before installing, remove and rotate any embedded Jenkins/Gitea credentials, review all Jenkins job-creation scripts, do not disable Jenkins CSRF protection, and keep LLM analysis and SARIF upload disabled unless you are comfortable sharing the scan contents with the configured agent or CI service.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
High
What this means

A user or attacker who sees or copies these artifacts could gain or reuse CI access, and exposed CI tokens may allow builds or pipeline changes.

Why it was flagged

The documentation contains a real-looking Jenkins username and API token in a command that can trigger a CI job.

Skill content
curl -u devops:110ffb6071ded434a52bd153217f3fc873 \
  -X POST "http://192.168.4.53:8080/job/codeql-security-scan/build"
Recommendation

Remove all real-looking credentials from the skill, rotate any exposed Jenkins/Gitea tokens, and require users to configure least-privilege credentials outside the skill files.

ASI02: Tool Misuse and Exploitation
High
What this means

Following these steps on a real Jenkins instance could weaken Jenkins security controls and allow persistent CI job or pipeline changes.

Why it was flagged

The skill suggests disabling Jenkins CSRF protection and then running a script to create a Jenkins job, which is a high-impact CI administration workflow.

Skill content
Jenkins.instance.getDescriptor("hudson.security.csrf.DefaultCrumbIssuer").setUseStandardCrumb(false)
...
python3 create_jenkins_job.py
Recommendation

Do not disable CSRF protection on production Jenkins. Use scoped Jenkins API tokens, proper crumbs, and require explicit review before creating or updating CI jobs.

ASI07: Insecure Inter-Agent Communication
Medium
What this means

SARIF reports can include source paths, code snippets, vulnerability details, and occasionally secrets; sending them to an LLM agent can expose sensitive project information.

Why it was flagged

The LLM integration reads SARIF scan results and sends up to 50,000 characters to an OpenClaw agent through a gateway, but the artifact does not clearly define the agent boundary, provider, retention, or redaction guarantees.

Skill content
with open(sarif_file) as f:
            sarif_content = f.read()
...
analysis: SecurityAnalysis = await agent.execute_structured(
            f"""分析这个 CodeQL 安全扫描报告:
            
            {sarif_content[:50000]}
Recommendation

Make LLM analysis opt-in, clearly state where the data goes, redact secrets before sending, and allow users to review the exact SARIF content before transmission.

ASI09: Human-Agent Trust Exploitation
Medium
What this means

Users may incorrectly believe scan results always remain local, even when enabling LLM analysis or Jenkins/SARIF upload workflows.

Why it was flagged

The privacy statement makes a broad no-remote-transmission claim while other artifacts describe optional LLM analysis, Jenkins upload, and external service integration.

Skill content
No Remote Transmission - Scan results are not sent to any remote servers
...
LLM analysis: User can choose whether to send
Recommendation

Revise the privacy statement to accurately describe all optional data transfers, including LLM gateway analysis and Jenkins/Gitea uploads, with clear defaults and consent points.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

This is normal for a CodeQL scanner, but users should verify the download source and version before installing a tool into a system path.

Why it was flagged

The manual setup downloads the latest CodeQL binary and installs it into a system path without a pinned version or checksum.

Skill content
wget https://github.com/github/codeql-cli-binaries/releases/latest/download/codeql-linux64.zip
unzip codeql-linux64.zip -d /opt/codeql
ln -s /opt/codeql/codeql/codeql /usr/local/bin/codeql
Recommendation

Pin a CodeQL CLI release, publish checksum verification steps, and avoid privileged/system-wide installation unless necessary.