ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ai Code Helper

v2.0.2

Review, validate, and generate code with AI-powered linting. Use when fixing bugs, generating boilerplate, formatting, or running analysis.

0· 276·1 current·1 all-time
byBytesAgain2@ckchzh
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Ai Code Helper / code review, generate, lint, format, etc.) align with the provided script and SKILL.md: the tool is a local CLI that logs operations and provides simple export/search/stats functionality. Minor cosmetic inconsistencies (SKILL.md header uses 'Claude Code' and script reports v2.0.0 while registry shows v2.0.2) are present but do not alter capability.
Instruction Scope
SKILL.md instructions and the script implement only local operations (writing/reading plain-text logs under ~/.local/share/ai-code-helper, searching with grep, exporting files). This matches the declared scope. Important note: the tool persistently records any user-provided input (including code snippets, config, or secrets) to plain-text logs and history, which is a privacy/data-leakage risk if users store sensitive material.
Install Mechanism
No install spec is provided (instruction-only with a bundled script); nothing is downloaded or written outside the user's data directory. No external package installs or remote fetches are present in the included script.
Credentials
The skill declares no required environment variables, credentials, or config paths and the script only uses HOME to construct a per-user data directory. No unrelated credentials or network endpoints are requested.
Persistence & Privilege
The skill runs as a normal CLI and stores persistent data in the user's home (~/.local/share/ai-code-helper). always:false and default autonomous invocation are set. The persistent logging behavior is expected for a historical/logging tool, but users should be aware it will retain any input indefinitely unless they delete or rotate files.
Assessment
This skill appears to do what it says: a local CLI logger for code review/generation/linting activity. Before installing/using it, review the bundled script (already included) and be mindful that any text you pass (including full code snippets, configuration, or secrets such as API keys) will be written in cleartext to ~/.local/share/ai-code-helper/*.log and history.log. If you plan to log sensitive content, consider: (1) not logging secrets or truncating/redacting them before saving, (2) setting restrictive file permissions on the data directory, (3) adding the data directory to backups/retention policies or .gitignore as appropriate, and (4) periodically deleting or encrypting logs. The minor version/name mismatches are cosmetic but you can verify the latest script in the upstream repo if desired.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ec6gngj29s503ae93mj2d4x8355ay

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments