Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

oop-dev-skill

v0.1.0

Apply universal object-oriented programming standards derived from battle-tested engineering practices. Use this skill when the user asks to review code qual...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the content: a coding-standards guideline for OOP. However the SKILL.md repeatedly prescribes Java/enterprise-Java idioms (DTO/VO/BO suffixes, @Override, boxed types for DTO fields, ServiceImpl naming, Java-style package rules) while claiming universal, language-agnostic applicability. Those Java-specific hard rules are not appropriate for several target languages (Python, Go, Swift, idiomatic TypeScript) and therefore the 'universal' claim is incoherent with the actual rule set.
Instruction Scope
The instructions are purely stylistic and operational (naming, formatting, layering) and do not request files, env vars, or external endpoints — good. But many rules are presented as 'Hard Rules' that give an agent broad discretion to modify/generate code in ways that may be non-idiomatic or breaking for a given language (e.g., forbidding leading underscores, banning 'is' prefix on booleans). The SKILL.md also uses open phrasing like 'Apply whichever sections are relevant,' which leaves substantial agent judgment and could lead to inappropriate transformations if the agent misapplies Java-centric rules to other languages.
Install Mechanism
Instruction-only skill with no install spec, no downloads, and no code files — minimal disk/system footprint.
Credentials
No required environment variables, no credentials, and no config paths requested — proportional for a style/standards skill.
Persistence & Privilege
No elevated privileges requested; always:false and normal invocation settings. The skill does not request permanent presence or modify other skills/configs.
What to consider before installing
This skill is an opinionated, instruction-only OOP style guide — it won't install software or ask for credentials. However, it claims to be language-agnostic while embedding many Java/enterprise-Java conventions as 'hard rules' (e.g., DTO/VO/BO suffixes, @Override, boxed DTO fields, no leading underscores, avoid 'is' prefix on booleans). Before using it, consider: (1) whether you want those Java-centric rules applied to languages with different idioms (Python, Go, JavaScript/TypeScript, Swift), (2) asking the skill/agent explicitly for language-specific variants or to relax/defer hard rules, and (3) reviewing any automated refactorings the agent suggests to ensure they are idiomatic and safe for your codebase. If you need strict, language-accurate guidance, prefer a language-specific style guide or request the agent to follow an established formatter/linter for that language (e.g., pylint/black for Python, gofmt/golangci-lint for Go, clang-format for C#/C++).

Like a lobster shell, security has layers — review code before you run it.

latestvk97dq4s5772438tgmajb4t05ns840ks1

