Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Dev Productivity Bundle
v1.0.0开发者效率套装 - 程序员的AI副驾驶,让开发效率翻倍。整合代码审查、Bug追踪、文档生成、部署监控四大能力。自动化Code Review + 智能化Bug管理。定价¥149/套。
⭐ 0· 67·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill claims integrated capabilities (code review, bug tracking, docs, monitoring) which legitimately require GitHub and other service credentials, webhooks, and potentially network access. However the registry metadata lists no required environment variables, no config paths, and no primary credential. That omission is inconsistent with the SKILL.md content, which explicitly references GITHUB_TOKEN and GITHUB_WEBHOOK_SECRET and per-repository configuration. The lack of declared requirements is a mismatch.
Instruction Scope
The SKILL.md instructs the agent/operator to run py -m clawhub install for many sub-skills, to clone a GitHub repo and run ./install.ps1, and to edit config/code-review.yaml with ${GITHUB_TOKEN} and ${GITHUB_WEBHOOK_SECRET}. It also proposes actions such as auto-assigning bugs and publishing docs. These instructions reach beyond a simple helper: they direct installation of other software, execution of an install script from an external repo, and use of sensitive tokens. The instructions also include user-facing prompts that could lead the agent to perform automated operations with broad side effects; this broad scope is not represented in the declared metadata.
Install Mechanism
There is no formal install spec in the registry (instruction-only), which reduces stored attack surface. However the README and SKILL.md explicitly tell users to git clone a GitHub repo and run ./install.ps1 and to run py -m clawhub install to fetch many sub-skills. Those steps would execute code from external sources (unknown origin here). Because the source/homepage are unknown and the repo referenced is a generic GitHub URL, running the install script could execute arbitrary commands — this is a notable operational risk even if the skill itself has no packaged installer.
Credentials
The registry lists no required env vars, but the SKILL.md and config templates reference ${GITHUB_TOKEN} and ${GITHUB_WEBHOOK_SECRET} and show usage of Authorization: Bearer {access_token}. Requesting GitHub tokens and webhook secrets is reasonable for GitHub integration, but they should have been declared in requires.env / primaryEnv. Additionally, the skill instructs installing other sub-skills which themselves may require further credentials. The absence of declared credentials combined with explicit credential usage in instructions is disproportionate and unclear.
Persistence & Privilege
always is false and default agent invocation settings apply. The skill does not request permanent inclusion or system-level config changes in the metadata. That said, runtime instructions ask the operator/agent to install sub-skills and run install scripts, which, if granted, could increase the skill's effective privileges — but the metadata itself does not request elevated persistence.
Scan Findings in Context
[unicode-control-chars] unexpected: Control/unicode-injection patterns were detected inside SKILL.md. These patterns are not expected for a developer-productivity instruction file and may indicate attempt to influence prompt parsing or hide content. Treat as suspicious and inspect raw file contents before executing anything.
What to consider before installing
This skill appears to be a collection of instructions that will ask you to install many other sub-skills, clone a GitHub repo, and run an install.ps1 script — but the package metadata omits the credentials and permissions the instructions clearly require. Before installing or running anything: 1) Do not run install.ps1 or any install commands until you verify the exact repository URL and review its install script content. 2) Inspect config/code-review.yaml.template and other config files locally and remove or limit embedded secrets; use a least-privilege GITHUB_TOKEN (scoped to only the minimum repo actions needed). 3) Treat any automated "auto-assign" or "publish" actions as potentially destructive — require manual confirmation or audit logs. 4) Be cautious installing the listed sub-skills (ai-refactoring-assistant, gh-issues, etc.); review each sub-skill’s source, required env vars, and permissions. 5) Because the SKILL.md contains unicode-control prompt-injection markers, review files in a raw editor to ensure no hidden characters or obfuscated instructions exist. If you cannot verify sources and scripts, avoid running the install steps.Like a lobster shell, security has layers — review code before you run it.
latestvk979e1br5fgzd951zar71s9hgx83n14q
License
MIT-0
Free to use, modify, and redistribute. No attribution required.