ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Claude Code Mastery

v1.0.0

Complete guide to mastering Claude Code CLI — installation to production workflows

0· 28·0 current·0 all-time
by@abhinas90
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill advertises MCP server setup and integrations (DB, GitHub/GitLab, filesystem operations) but the bundle contains only docs and templates; there are no MCP scripts or any install artifacts. If MCP setup is a real deliverable, the package should include scripts and/or explicitly request the credentials those integrations require.
!
Instruction Scope
SKILL.md and CLAUDE.md instruct the agent/user to run MCP setup scripts from /mcp-scripts, yet no such directory or scripts are present. The instructions suggest operations that could require system access or credentials, but the runtime guidance in this package is high-level and missing the concrete, declared steps.
Install Mechanism
There is no install spec and no code files—this minimizes direct install risk. The package is instruction-only, so nothing will be written to disk by an installer as part of this skill bundle.
Credentials
The package declares no required environment variables or credentials, but its content explicitly covers integrations (databases, GitHub/GitLab, API testing) that typically need secrets and tokens. The omission of any declared env vars is a mismatch that could lead to ad-hoc requests for credentials at runtime or in external scripts not included here.
Persistence & Privilege
No elevated persistence flags (always: true) are set and the skill is user-invocable only. It does not request to modify other skills or system-wide settings in the provided files.
What to consider before installing
This package is an instruction-only guide that promises MCP server scripts and integrations but doesn't include them or list any credentials. Before installing or following its instructions: 1) ask the author or vendor for the missing /mcp-scripts and any install artifacts and inspect them closely; 2) do not supply database, GitHub, or other tokens until you can review the exact scripts and network endpoints they contact; 3) prefer packages with a verifiable source/homepage and explicit environment requirements; and 4) if you must run any MCP scripts from an untrusted source, run them in an isolated environment (container or VM) and review the code for network calls and credential usage. Providing those artifacts or a public source URL would raise confidence—currently the mismatch between claimed deliverables and included files is the main concern.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dj948aw851xwk2h55bvxzw984d1v1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments