Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw Code Search

v1.0.0

Provides fast, read-only codebase search and exploration using grep for content, glob for filenames, and tree for directory structure with filtering and limits.

Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (read-only code search) match the included files and runtime behavior: a shell wrapper around ripgrep (rg), fd, and tree. There are no unrelated environment variables, credentials, or config paths requested.
Instruction Scope
SKILL.md and the script direct the agent to run a local shell script which performs filesystem searches. The script only reads files and directories (search path is an explicit parameter or current dir). This matches the declared purpose. Note: the tool will read any path you point it at (including system or user dirs) so results may include sensitive files if the agent is asked to search those locations.
Install Mechanism
There is no automated install spec in the registry (instruction-only behavior). The included DESIGN.md provides manual install suggestions, including GitHub release tarball downloads and package-manager commands; those sources are standard project releases. Nothing is automatically downloaded or executed by the registry install step.
Credentials
The skill requires no environment variables, no credentials, and no special config paths. All required runtime tools are standard CLIs (rg, fd, tree) and are checked at runtime by the script — proportional to the stated functionality.
Persistence & Privilege
The skill is not marked always:true and does not request persistent system-wide changes. It does not modify other skills or global agent configuration. Autonomous invocation is allowed (platform default) but combined with no extra privileges or credentials.
Assessment
This skill appears to be a straightforward, read-only code search wrapper around ripgrep/fd/tree. Before installing or using it:

  (1) Ensure you trust the agent workspace path used in examples (/root/.openclaw/...) or change it to a safe directory — the script will read any path you give it and could expose sensitive files if asked to search system or home directories;
  (2) The script checks for rg/fd/tree but does not install them automatically — DESIGN.md suggests curl downloads from GitHub releases if needed; only run those manual install commands if you trust the source and checksum;
  (3) The shell script parses rg --json using awk in a simplistic way (not a security issue per se, but parsing could mis-handle edge cases);
  (4) Autonomous agent invocation is allowed by default — if you want to limit when the agent can run filesystem searches, keep the skill user-invocable only or adjust agent policies.

Overall the skill is coherent with its stated purpose, but avoid pointing it at directories containing secrets unless you intend to expose that data.
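One way to act on the point that the script reads any path it is given: a guard that resolves `--path` to its physical location and refuses anything outside a single allowed root, including symlinks and `..` escapes. This is an added example, not code from the skill; `ALLOWED_ROOT`, `resolve_dir`, `path_allowed` and `guarded_search` are hypothetical names, and it assumes `search.sh` accepts `--path` after the other options, as in the page's usage examples.

```shell
#!/bin/sh
# Added example, not part of the skill. ALLOWED_ROOT, resolve_dir, path_allowed
# and guarded_search are hypothetical names; SEARCH_SH is the path the page uses.
SEARCH_SH="${SEARCH_SH:-/root/.openclaw/workspace/skills/code-search/scripts/search.sh}"
ALLOWED_ROOT="${ALLOWED_ROOT:-$PWD}"

# Print the physical (symlink-free) absolute path of a directory, or fail.
resolve_dir() {
  # Prefix relative operands with ./ so "-" or "-x" is never read as an option.
  case "$1" in /*) ;; *) set -- "./$1" ;; esac
  (cd "$1" 2>/dev/null && pwd -P)
}

# Print the resolved path and return 0 only if $1 lies inside ALLOWED_ROOT.
# Returns 1 when outside the root, 2 when either directory cannot be resolved.
path_allowed() {
  pa_root=$(resolve_dir "$ALLOWED_ROOT") || return 2
  pa_target=$(resolve_dir "$1") || return 2
  pa_root=${pa_root%/}                 # a root of "/" becomes the empty prefix
  case "$pa_target/" in
    "$pa_root"/*) printf '%s\n' "$pa_target" ;;
    *) return 1 ;;
  esac
}

# Call search.sh with every --path operand replaced by one verified directory.
guarded_search() {
  gs_path="."                          # the skill's default: current directory
  gs_n=$#
  while [ "$gs_n" -gt 0 ]; do
    case "$1" in
      --path) [ "$gs_n" -ge 2 ] || return 2
              gs_path=$2; shift 2; gs_n=$((gs_n - 2)) ;;
      *)      set -- "$@" "$1"; shift; gs_n=$((gs_n - 1)) ;;  # keep, in order
    esac
  done
  gs_safe=$(path_allowed "$gs_path") || {
    echo "[ERROR] refusing path outside $ALLOWED_ROOT: $gs_path" >&2
    return 1
  }
  bash "$SEARCH_SH" "$@" --path "$gs_safe"
}
```

The check covers the directory handed to the script; whether symlinks below that directory are followed depends on the flags `search.sh` passes to rg and fd.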


MIT-0

Code Search Skill

Fast code search toolkit for exploring codebases. Provides structured grep (content search), glob (filename search), and tree (directory structure) via ripgrep, fd, and tree CLI tools.

When to Use

  • Searching for function/class/variable definitions or usages in code
  • Finding files by name or extension pattern
  • Understanding project directory structure
  • Exploring unfamiliar codebases
  • Looking for configuration files, imports, error messages

Prerequisites

Run dependency check first:

bash /root/.openclaw/workspace/skills/code-search/scripts/search.sh check

Commands

All commands go through a single entry point:

bash /root/.openclaw/workspace/skills/code-search/scripts/search.sh <command> [options]

grep — Search file contents

# Basic search
bash /root/.openclaw/workspace/skills/code-search/scripts/search.sh grep "func main" --path /some/project

# Literal text (no regex interpretation)
bash /root/.openclaw/workspace/skills/code-search/scripts/search.sh grep "fmt.Println(" --literal --path /some/project

# Filter by file type
bash /root/.openclaw/workspace/skills/code-search/scripts/search.sh grep "import" --type go --path /some/project

# With context lines
bash /root/.openclaw/workspace/skills/code-search/scripts/search.sh grep "TODO" --context 2 --path /some/project

# Limit results
bash /root/.openclaw/workspace/skills/code-search/scripts/search.sh grep "error" --max 20 --path /some/project

Options:

  • --path <dir> — Search directory (default: current dir)
  • --type <ext> — File type filter: go, py, ts, js, etc. (repeatable)
  • --literal — Treat pattern as literal text, not regex
  • --max <n> — Max results (default: 100)
  • --context <n> — Show N lines of context around matches (default: 0)

glob — Search filenames

# Find all Go files
bash /root/.openclaw/workspace/skills/code-search/scripts/search.sh glob "*.go" --path /some/project

# Find test files
bash /root/.openclaw/workspace/skills/code-search/scripts/search.sh glob "*_test.go" --path /some/project

# Find config files
bash /root/.openclaw/workspace/skills/code-search/scripts/search.sh glob "*.{json,yaml,yml,toml}" --path /some/project

# Filter by type
bash /root/.openclaw/workspace/skills/code-search/scripts/search.sh glob "config" --type f --path /some/project

Options:

  • --path <dir> — Search directory (default: current dir)
  • --type <f|d> — f=files only, d=directories only
  • --max <n> — Max results (default: 200)

tree — Directory structure

# Default (3 levels deep)
bash /root/.openclaw/workspace/skills/code-search/scripts/search.sh tree --path /some/project

# Shallow view
bash /root/.openclaw/workspace/skills/code-search/scripts/search.sh tree --path /some/project --depth 1

# With file sizes
bash /root/.openclaw/workspace/skills/code-search/scripts/search.sh tree --path /some/project --depth 2 --size

Options:

  • --path <dir> — Target directory (default: current dir)
  • --depth <n> — Max depth (default: 3)
  • --size — Show file sizes

check — Verify dependencies

bash /root/.openclaw/workspace/skills/code-search/scripts/search.sh check

Output Format

All commands output structured text with clear delimiters:

  • [SEARCH RESULTS: grep] / [SEARCH RESULTS: glob] / [DIRECTORY TREE]
  • [END RESULTS] / [END TREE]
  • [TRUNCATED: ...] when results exceed the limit
  • [ERROR] ... on failures

Notes

  • All operations are read-only — no files are modified
  • Automatically ignores .git, node_modules, __pycache__, vendor, build artifacts
  • Respects .gitignore rules
  • Results sorted by modification time (newest first) for grep and glob
