Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
lqs-skill
v1.0.1
LQS Skill — prompt/schema/template driven artifact generator for the LQS codebase. Manual-run only: users paste free-text requirement or exported document te...
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (generate controller/model/view/migration previews) align with included prompts, templates, schemas, and examples. No environment variables, binaries, or install steps are requested that would be unrelated to generating templates and diffs.
Instruction Scope
SKILL.md and prompts consistently describe a manual, human-in-the-loop flow that outputs JSON, RenderPlan, diffs, and (on approve) writes files. Some prompts reference scanning 'project code fragments' or fetching Google Doc content; the repo also contains packaged context and samples. The skill explicitly states it does NOT execute code or fetch externally automatically, but there is a small ambiguity in examples/google_doc_ingest_contract.md which lists '抓取文档正文' (fetch) while other notes and nl_analysis_policy indicate no built-in Google Doc fetch. Reviewers should confirm the platform/agent will not autonomously read repository files or fetch documents without explicit user steps.
Install Mechanism
Instruction-only skill with no install spec and no code files executed at install time. Nothing is downloaded or extracted, which minimizes install risk.
Credentials
No required env vars, credentials, or config paths are declared. context.json indicates credentials were removed. The templates include DB call code as sample migration content, but that is part of generated artifacts (not a runtime requirement).
Persistence & Privilege
always:false and user-invocable:true. The skill does present a 'write files on approve' prompt, which is expected for a code-generation workflow; there is no indication it modifies other skills or system-wide settings.
Assessment
This Skill appears internally consistent for manual, prompt-driven generation of boilerplate artifacts. Before installing or using it: (1) confirm how your agent/platform handles reading the repository and external URLs — the Skill expects manual paste or user-provided project fragments and explicitly says it won't auto-fetch, but some example text references 'fetching' which could be ambiguous; (2) carefully review any generated migration files and migration_add_menu templates before executing them in any database — templates contain SQL/DB calls and inserting/running migrations will change your DB; (3) when approving 'write' actions, ensure the target paths and diffs are acceptable, and that backups are created for overwritten files; (4) since the Skill can write files when you approve, verify the platform prompts the user before any file writes and that you (or an external CI) control execution of migrations. If you need absolute assurance that no automatic fetching or repo scanning will occur, ask the skill author (or inspect runtime plumbing) to confirm the agent will only operate on user-supplied text and the included .skill assets.
Like a lobster shell, security has layers — review code before you run it.
latest: vk979zv0akn0f5z8c9t1262ephn838e6f
