Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Review Rust
v1.0.1
Comprehensive Rust code review with optional parallel agents
by Kevin Anderson (@anderskev)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The skill declares no required binaries or environment variables, but the runtime instructions assume and run CLI tools (git, cargo/clippy, grep, head, etc.). Those binaries are essential for the described review tasks yet are not listed in the requirements, so the declared requirements are inconsistent with what the skill actually runs.
Instruction Scope
Instructions perform local repo operations (git diff, reading Cargo.toml, running cargo clippy/check) which is appropriate for code review, but SKILL.md contains several incorrect or unclear technical claims about Rust 'edition 2024' behavior (e.g., fabricated attribute forms like #[unsafe(no_mangle)] and other dubious statements). The skill also instructs loading multiple external 'beagle-rust:*' skills and spawning subagents — this increases operational complexity and requires trusting those other skills.
Install Mechanism
Instruction-only skill with no install spec or code files: nothing is written to disk by an installer. This is the lowest-risk install model.
Credentials
The skill requests no environment variables, secrets, or config paths. All data access is local repository files and git history, which is proportionate to a code-review task.
Persistence & Privilege
always is false and the skill does not request persistent privileges. It does instruct spawning parallel subagents and loading other skills; that increases runtime breadth but does not itself request permanent or cross-skill configuration changes. disable-model-invocation is set to true in the header; this reduces LLM-driven autonomy but may also affect how the skill operates.
What to consider before installing
This skill largely does what its name says (runs local git/cargo checks and consolidates findings) but there are important inconsistencies you should resolve before installing:
1) The metadata omits required CLI tools (git, cargo/clippy, grep, head). Ensure those exist where the skill will run.
2) SKILL.md contains several technical inaccuracies about a supposed 'edition 2024' — treat those claims as untrusted and cross-check against official Rust docs before acting on them.
3) The skill depends on loading other 'beagle-rust:*' skills and spawning subagents; verify those skills exist and are trustworthy, since they will be invoked and may inspect the repository.
4) Because the skill reads the full repository and runs linters/checks, plan to run it in a controlled environment if the repo contains secrets or sensitive files.
If you want, I can extract a minimal checklist of the exact CLI commands the skill will run and produce a corrected, trimmed SKILL.md with accurate Rust edition notes.
Like a lobster shell, security has layers — review code before you run it.
