Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Python Auto Dev

v1.0.0

Automates Python code generation, testing, debugging, and optimization within a configured conda environment, managing all project files at H:\code\Daily.

by Jason Abbott @aptjason
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description state: automated Python generation, testing, debugging, optimization inside a conda env at H:\code\Daily. The bundle includes scripts (generate/create_tests/run_tests/debug/optimize) that implement exactly those tasks. Hard-coded Windows conda path and project dir match the description.
Instruction Scope
Instructions and scripts will create, import, execute, profile and (in places) patch files under H:\code\Daily. create_tests inserts the project dir on sys.path and imports modules under test (which runs any module-level code). run_tests/optimize spawn subprocesses that activate conda and run pytest, cProfile, pylint/flake8. debug_code can produce patches; SKILL.md mentions auto-patching with confirmation, but the references/script-usage note says it does not auto-apply — a small inconsistency. These behaviors are coherent with development tooling but mean the skill will execute arbitrary project code and shell commands, which is a security consideration.
Install Mechanism
Instruction-only skill with included scripts; there is no downloader/install step. No external URLs or archive extraction. Risk from installation is low, but runtime executes local scripts.
Credentials
The skill requests no credentials or external secrets and hard-codes a conda path and env name (C:\anaconda3\condabin\conda.bat, py311). Scripts run subprocesses with env=os.environ.copy(), so any environment variables present on the host will be visible to spawned subprocesses and to executed project code. The skill also reads/writes files under H:\code\Daily (project workspace) — this is expected but important to confirm before use.
Persistence & Privilege
always:false and no install spec. The skill writes reports, profiles and test files under the declared project directory only. It does not request system-wide configuration changes or modify other skills.
Assessment
This skill appears to do what it says, but before installing consider:
(1) It will create and execute code under H:\code\Daily and will import modules (which runs module-level code) — do not point it at directories containing sensitive or untrusted code.
(2) It activates a conda env and spawns subprocesses inheriting your environment variables — secrets present in your environment could be exposed to child processes or to project code.
(3) Confirm the hard-coded conda path and env (Windows-only) or edit the scripts to match your setup.
(4) There is a minor inconsistency about auto-patching: SKILL.md says automatic patching (with confirmation) while references say auto-patching is disabled — review debug_code behavior before allowing automatic modifications.
(5) If you plan to run this on important machines, run it first in an isolated VM or sandbox and back up the H:\code\Daily workspace.
