Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Tetra Scar Code Review
v0.1.0
Code review that learns from failures. Reflex arc blocks repeat mistakes without LLM calls. Combines systematic checklist review (security, performance, corr...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign (high confidence)
Purpose & Capability
Name/description (learning code-review via scars) matches the shipped files and declared requirements: Python 3 only, local CLI/API, local JSONL storage. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
Runtime instructions operate on local files and diffs and instruct storing scars to a local review_scars.jsonl — which is consistent. One operational note: scars include user-supplied regex patterns and keyword text which the reflex_check runs against diffs; overly broad or malicious regexes could cause false positives or heavy CPU (ReDoS) when scanning large diffs. The skill also reads/writes files in the current working directory (expected behavior).
Install Mechanism
Instruction-only with bundled Python source files and no install spec — lowest risk. Nothing is downloaded or executed from remote URLs.
Credentials
No environment variables, credentials, or external config paths are required; requested resources are proportional to a local static analysis tool.
Persistence & Privilege
always:false and no code to modify other skills or system-wide agent settings. The only persistent effect is writing/reading a local review_scars.jsonl file (configurable via scar_file parameter), which is reasonable for this tool.
Assessment
This skill appears to do what it says: local, regex/heuristic code review plus a local scar database. Before installing or running it: (1) review the scar JSONL contents or configure the scar file location to a safe directory you control (to avoid unexpected blocks), (2) avoid importing or trusting scars from untrusted sources because regex patterns can trigger false blocks or cause heavy CPU (ReDoS) on large diffs, (3) run the tool in a sandbox or on a non-production copy first to confirm behavior, and (4) note it writes review_scars.jsonl in your working directory by default, so back up any existing file you care about.
test_scar_code_review.py:121
Dynamic code execution detected.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Like a lobster shell, security has layers — review code before you run it.
