Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Repo Onboarding Guide
v1.0.0 Scans the repository directory tree and documentation files, and generates an onboarding path for new members, a recommended reading order, and pitfall reminders; use for repo, onboarding, developer-experience workflows; do not use for leaking private source code to external parties or for running build commands.
⭐ 0 · 56 · 0 current · 0 all-time
by vx:17605205782@52yuanchangxing
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
Confidence: high
Purpose & Capability
The name/description, the required binary (python3), and the included files align with a repo-audit/onboarding generator. However, SKILL.md and README emphasize a safety boundary of '默认只读目录与文件名' ("by default, only directory and file names are read"), while scripts/run.py clearly reads file contents (Markdown, source files, CSVs) to build reports and pattern matches. This is an internal inconsistency between the claimed safe scope and the actual capability.
Instruction Scope
Runtime instructions permit executing the local script (python3 scripts/run.py ...) and instruct the agent to produce structured outputs. The SKILL.md warns not to leak private source and not to run builds, but it still permits running the script which will read full file contents and pattern-scan for secrets. There is no automated safeguard preventing the agent from including sensitive content in outputs — the skill relies on the operator to sanitize.
Install Mechanism
No external install step or downloads. The skill is instruction-only with an included Python script; nothing pulls code from remote URLs or executes installers. This is low-risk from supply-chain/install perspective.
Credentials
No environment variables or credentials are requested. The skill does read files from a supplied directory (including source files), which is necessary for the stated purpose, but this increases the chance of accidental exposure of secrets present in the repository.
Persistence & Privilege
always=false and no special privileges requested. The skill does not attempt to modify other skill configs or system-wide settings. It can be executed locally; autonomy (model invocation) is enabled by default but not unusual — note that autonomous execution combined with the ability to read repo files increases blast radius if misused.
What to consider before installing
This skill appears to do what it says (produce onboarding reports) and only needs python3, but there is a notable mismatch: the docs claim it only inspects directory/file names while the script actually reads file contents (Markdown, code, CSV) and pattern-scans for secrets. Before installing or running:
1) review scripts/run.py yourself (it's bundled) and confirm you are comfortable with it reading repository files;
2) do not run it against repositories containing secrets or private data unless you are prepared to review/strip outputs first;
3) run it in a sandbox or with --dry-run and inspect the generated output before sharing it externally;
4) if you require stricter guarantees (e.g., only filenames), request or implement a version that limits reads to file metadata only;
5) if you plan to allow autonomous invocation, be aware that an agent could run the script on any repository it has access to; restrict skill usage or add explicit checks to avoid accidental data leakage.
latest: vk977wc5nha0d6vjwr5sbwf0ah983eemp
Runtime requirements
🧬 Clawdis
OS: macOS · Linux · Windows
Bins: python3
