Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

review-sendmsg

v1.0.0

Perform detailed Python code reviews identifying bugs, security risks, test gaps, and maintainability issues in diffs, patches, or pull requests.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)

Purpose & Capability (flagged)
The skill is described as a Python code-review helper, but the included scripts target multiple languages (.php, .js, .ts, .sql, .sh), implement a multi-project runner, and send results to an external LLM and Telegram. The registry declares no required environment variables or credentials, yet the code expects LLM_API_KEY, LLM_API_URL, LLM_MODEL, TG_BOT_TOKEN, TG_CHAT_ID, PROJECTS_DATA, and various dirs. These capabilities are broader than the description and the requested/declared requirements.
Instruction Scope (flagged)
SKILL.md only describes a structured Python review and references local helper scripts but does not mention network I/O, sending notifications, or multi-repo automation. In contrast, the scripts read .env, call an external LLM endpoint with diffs, run subprocesses (git, php, node, bash), write log files, and post messages/documents to Telegram. That expands the runtime scope beyond what the instructions disclose.
Install Mechanism
There is no install spec (instruction-only), which limits installer-level risk. The repository includes requirements.txt (requests, python-dotenv) — common and expected for networked Python scripts. Because the skill ships runnable scripts, installing/running them will execute network calls and subprocesses on the host; the absence of an install script reduces supply-chain risk but does not eliminate execution-time risk.
Credentials (flagged)
The skill registry lists no required env vars, but the code requires secrets and config: LLM_API_KEY (and URL/model), TG_BOT_TOKEN and TG_CHAT_ID, PROJECTS_DATA (which can contain git URLs/branches and target chats), and other runtime dirs. Those variables permit sending repository diffs to a third-party LLM service and posting logs to Telegram — powerful exfiltration channels that are not justified or declared by the public metadata.
Persistence & Privilege
always:false and no special privilege flags are set. The skill does not request forced always-on inclusion. However, the runner script is designed to run as a multi-project cron-like process (state, lock, work directories), so if installed and scheduled it could run regularly and contact external services; this is a behavioral risk but not a declared platform privilege.
What to consider before installing
This package contains runnable scripts that will (if configured) send repository diffs to an external LLM endpoint and post logs/notifications to Telegram, but the registry metadata does not declare those environment variables or behaviors. Before installing or running:
1. Do not provide your production LLM API key or real repo credentials until you verify the maintainer and endpoint (LLM_API_URL points to a third-party host).
2. Inspect PROJECTS_DATA to ensure it doesn't point to sensitive/private git URLs.
3. If you need only interactive review functionality, consider removing or disabling the review_runner/telegram parts.
4. Run the scripts in an isolated/test environment (no access to private secrets or production repos).
5. Ask the author/owner for clarification: why the description says 'Python review' while the code reviews many languages, and why required env vars were omitted from the skill metadata.
If you cannot verify these answers, treat the skill as untrusted and avoid supplying secrets or connecting it to sensitive repositories.


latest · vk97e6zrzk8j5v2hj9t2fhe81ad8396t6

