Ai Code Helper

Security checks across malware telemetry and agentic risk

Overview

This appears to be a local code-workflow logging helper, with no evidence of exfiltration or destructive behavior, but it stores entered content in plaintext logs.

This skill looks safe to use as a local logging helper, but do not assume it performs independent AI linting unless the agent shows that work. Avoid logging passwords, API keys, private source code, or sensitive vulnerability details, and check ~/.local/share/ai-code-helper if you want to review or remove stored history.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI06: Memory and Context Poisoning
Low
What this means

Anything the user or agent records, including code snippets, bug details, or security findings, may remain on disk in readable local files.

Why it was flagged

The skill intentionally persists user-supplied code-workflow notes, lint results, fixes, and history in local plaintext files that can later be searched or exported.

Skill content

All data is stored in plain text files under the data directory... Default data directory: ~/.local/share/ai-code-helper/

Recommendation

Use it only for information you are comfortable storing locally, avoid entering secrets, and periodically review or delete the data directory if retention is not desired.

ASI09: Human-Agent Trust Exploitation
Info
What this means

A user might over-trust a saved log entry as proof that code was actually reviewed or linted unless the agent separately performs that analysis.

Why it was flagged

The artifact combines broad AI-powered review/linting wording with implementation-oriented language that describes logging operations; users should understand it is not necessarily an independent validator by itself.

Skill content

description: "Review, validate, and generate code with AI-powered linting." ... "provides persistent, file-based logging for each operation"

Recommendation

Treat the tool as a local record keeper unless the agent explicitly performs and explains the underlying review, linting, or generation work.

ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

Installation or invocation behavior may be less clear than expected, though the provided artifacts do not show hidden downloads or risky install-time execution.

Why it was flagged

The registry/install metadata does not fully describe how the included shell script is installed or invoked, even though the SKILL.md documents a CLI workflow.

Skill content

No install spec — this is an instruction-only skill. Code file presence: 1 code file(s): scripts/script.sh

Recommendation

Confirm how the platform exposes the ai-code-helper command and review the included script before relying on it.