ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Spec Miner

v0.1.0

Use when understanding legacy or undocumented systems, creating documentation for existing code, or extracting specifications from implementations. Invoke for legacy analysis, code archaeology, undocumented features.

0· 1.7k·3 current·3 all-time
byVeera@veeramanikandanr48
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (reverse-engineering, spec extraction) match the required capabilities: the instructions explicitly require file discovery and grep/reading of code, which is appropriate for this purpose. No unrelated credentials, binaries, or external services are requested.
Instruction Scope
Instructions correctly direct exploration of source files (Glob/Grep/Read) and include searching for config/.env and external-call patterns. This is coherent for code archaeology, but it means the agent will look for and may read potentially sensitive files (e.g., .env, config files). The SKILL.md does not instruct any exfiltration, but outputs may include secrets found in code/config if not redacted.
Install Mechanism
No install spec and no code files with executable install steps — instruction-only skill with no downloads, which minimizes risk of writing or executing new code on disk.
Credentials
The skill declares no required environment variables, credentials, or config paths. The analysis templates do recommend discovering .env and config files, which is proportional to the stated task but should be treated as sensitive when present.
Persistence & Privilege
always is false and the skill is user-invocable only. It does not request persistent system changes or modify other skills. Autonomous invocation is allowed by platform default but not requested specially by this skill.
Assessment
This skill is a coherent, instruction-only guide for extracting specifications from codebases. Before running it, be aware that it instructs the agent to search for and read code and configuration files (including .env and other config), which may contain secrets or credentials. Recommended precautions: run the skill only on codebases you control or in a sandboxed environment; restrict network egress for the agent if possible; review outputs for sensitive values and redact before sharing; and if you don't want configuration secrets inspected, explicitly exclude .env/config paths or instruct the agent to skip them.

Like a lobster shell, security has layers — review code before you run it.

latestvk976h6sdc9yt9zwkrjqm081r5s809eh7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments