ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

RegexAssistant

v1.0.1

帮助测试、调试和生成正则表达式,支持匹配测试、分组捕获、全文提取和替换操作。

0· 643·1 current·1 all-time
by@crossallen
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description describe a regex tester and the package contains a single CLI script (script/main.py) that implements match, findall, groups, sub, and pattern commands — all expected and proportionate.
Instruction Scope
SKILL.md only instructs running the included Python script with regex and text arguments. Example usage includes shell substitution like $(cat error.log) which demonstrates how a user can pass file contents into the tool; the skill itself does not instruct the agent to read system files or external data automatically.
Install Mechanism
No install spec; this is an instruction-only skill with a bundled script. Nothing is downloaded or written to disk beyond the included files.
Credentials
No environment variables, credentials, or config paths are required or referenced; requested access is minimal and appropriate for a local regex helper.
Persistence & Privilege
No elevated persistence requested (always=false). The skill does not modify other skills or system-wide settings.
Assessment
This skill appears to do what it says: a local regex tester implemented in a small Python script and documentation. Key points to consider before installing/using: (1) it runs locally and needs no credentials, so there's no obvious network exfiltration built in; (2) be cautious when passing sensitive files as arguments or via shell substitution (e.g., $(cat secret.txt)) since the tool will print matches and replaced text to stdout; (3) you can quickly review the short script (script/main.py) — it contains only standard Python regex usage with no network or filesystem access beyond what you explicitly provide as arguments. If you require higher assurance, run the script in a sandbox or review/execute it locally before granting it any automated invocation.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dgp1y5w017ez9btrcy6vdsn815m5f

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments