Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Ghostclaw Clone
v1.0.0
Architectural code review and refactoring assistant that perceives code vibes and system-level flow issues. Use for analyzing code quality and architecture,...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the provided codebase: the repository contains a full Python CLI, analysis engines, GitHub/PR helpers, an MCP server, and stack-specific analyzers — all consistent with an architectural review/refactor assistant. However, the SKILL/registry metadata declares no required environment variables while the README/SKILL.md and code reference credentials and env-based configuration (e.g., GH_TOKEN, GHOSTCLAW_* envs, and LLM provider keys). That mismatch is unexplained.
Instruction Scope
SKILL.md instructs the agent/user to scan local repos, clone/pull target repos, write reports into repository roots, and optionally create GitHub PRs and run a cron-style watcher. Those behaviors are consistent with the stated purpose. The instructions also suggest running commands that invoke the included Python code (e.g., python3 src/ghostclaw/cli/...), using the gh CLI, and configuring GH_TOKEN for automated PRs. The instructions do not appear to ask for unrelated secrets or to read system files beyond target repositories, but they do give the skill discretion to clone/pull arbitrary repositories and to open PRs if credentials are present.
Install Mechanism
Registry lists no install spec (instruction-only), but the package includes many code files, package.json, pyproject.toml, and install/service scripts. Running the tool as instructed will execute bundled Python code. No external download URLs are referenced in metadata, which reduces remote fetch risk. However the presence of scripts like scripts/install_service.sh and npm/pip installation guidance (and an npm-centric "npm run install-deps" used for Python deps) is odd and under-documented — this mix of tooling increases operational complexity and deserves review before running.
Credentials
The skill declares no required env vars in registry metadata, but the SKILL.md and code reference several environment-driven behaviors: GH_TOKEN (for PR automation), GHOSTCLAW_* config envs, and possible LLM provider keys (OpenAI/Anthropic/OpenRouter) when AI synthesis is used. Those are sensitive credentials and should have been declared. The omission means installing or enabling features that use networked providers or GitHub requires manual secret provision and the skill will use them if present. This mismatch is a substantive concern.
Persistence & Privilege
always is false (good). The repo contains optional service-install scripts and an MCP server implementation which, if run by a user, could expose JSON-RPC endpoints or become a persistent systemd service. Nothing in the registry forces permanent presence, but the included tooling makes it straightforward for a user (or an automated process) to install a background service that performs network operations. Review any service-install scripts before running, and avoid enabling watcher/cron modes until you trust the repo.
What to consider before installing
This package appears to be a real architectural analysis tool, but several red flags mean you should not run it on a production machine or give it credentials without inspection:
- Review the code before running: inspect scripts/install_service.sh, bin/ghostclaw.sh and any files that start services or run systemd units. They can make the tool persistent.
- Expect to supply secrets to enable features: GH_TOKEN (for PR automation) and any LLM provider keys (OPENAI_API_KEY, ANTHROPIC_API_KEY, etc.) are used by the code but were not declared in the registry. Only provide those in a safe, least-privilege manner and preferably in an isolated environment.
- Test in a sandbox: run the tool in a disposable VM or container with no credentials first to see local behavior (e.g., generate reports with --no-write-report).
- If you plan to use watcher/cron or MCP server features, audit the network-facing code (src/ghostclaw_mcp/server.py and core/bridge.py) and restrict network access (firewall, host bindings).
- Consider running static checks and security scans (dependency checks for pyproject/package.json, and searching for code that posts data to unexpected endpoints). Ask the publisher for provenance (official homepage or upstream repo); absent a known upstream, treat this as third-party code and proceed conservatively.
src/ghostclaw/cli/commands/debug/console.py:62
Dynamic code execution detected.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Like a lobster shell, security has layers — review code before you run it.
