Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Elixir Code Review
v1.2.0
Reviews Elixir code for idiomatic patterns, OTP basics, and documentation. Use when reviewing .ex/.exs files, checking pattern matching, GenServer usage, or...
by Kevin Anderson (@anderskev)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, and included reference docs are consistent with an Elixir code-review skill. No unrelated binaries, env vars, or installs are requested.
Instruction Scope
SKILL.md and the reference files only describe code-review checks and safe Elixir patterns. However, the runtime instructions say to "Load and follow [review-verification-protocol](../review-verification-protocol/SKILL.md) before reporting any issue." That referenced file is outside the packaged files and not provided here; instructing the agent to load an external, unspecified instruction file could expand scope (and possibly request additional actions or data) and should be inspected before trusting the skill.
Install Mechanism
No install specification or code files are present (instruction-only). This minimizes disk writes and external downloads.
Credentials
The skill requests no environment variables, credentials, or config paths, which is proportionate for a static code-review checklist.
Persistence & Privilege
always is false and there are no indications the skill requests persistent privileges or modifies other skills/settings. Autonomous invocation is allowed by default and is not by itself a concern.
What to consider before installing
The skill appears to be a straightforward Elixir style/OTP/docs checklist and includes useful reference docs. Before installing or enabling it for autonomous runs:
1) Inspect the referenced review-verification-protocol file (../review-verification-protocol/SKILL.md) to see what additional steps or checks it requires — do not load unknown external instructions without review.
2) Because this is an instruction-only skill that will operate on code you give it, avoid sending production secrets or private credentials inside code you submit for review.
3) If you enable autonomous invocation, consider limiting its scope (e.g., only run on non-sensitive test repos) until you confirm the external protocol and overall behavior are safe.
Like a lobster shell, security has layers — review code before you run it.
latest vk97cf90yy0ajzhx5jz8nr8zx9983bh33
