Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Claude Skill
v0.1.0Use when user asks to leverage claude or claude code to do something (e.g. implement a feature design or review codes, etc). Provides non-interactive automat...
⭐ 1· 415·4 current·4 all-time
byPengfei Ni@feiskyer
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description, examples, and runtime instructions consistently target the Claude Code CLI and developer workflows (read/write/edit, run tests, use tmux). No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md instructs the agent to run arbitrary claude CLI commands in project workdirs, read and write project files, tail logs, compute hashes, and persist registry state. Critically it recommends using --dangerously-skip-permissions and --permission-mode acceptEdits to avoid permission prompts and auto-accept edits — this directly reduces human oversight and can cause unreviewed code changes. The instructions otherwise stay within a coding-agent scope but explicitly enable unsafe, non-interactive behavior.
Install Mechanism
No install spec in the skill bundle (instruction-only), but SKILL.md tells users to npm install -g @anthropic-ai/claude-code (global npm install) and to have tmux. Suggesting a global npm install requires elevated privileges and should be validated (official package, correct source). No download-from-arbitrary-URL instructions in the bundle.
Credentials
The skill declares no required env vars or credentials, which matches its stated purpose. Examples reference external tools (e.g., mcp__datadog, --mcp-config) that could imply needing monitoring credentials at runtime — those are not declared here and would be provided by the host environment. This absence is acceptable but users should be aware that some example usages require separate credentials not managed by the skill.
Persistence & Privilege
always:false (good) and autonomous invocation is allowed (platform default). The skill instructs storing persistent polling state in a registry (update_registry) and recommends bypassing permission prompts and auto-accepting edits — when combined with autonomous invocation, these behaviors increase the blast radius by enabling unattended, persistent code modifications. The skill does not request system-wide config changes, but its recommended flags reduce safeguards.
What to consider before installing
This skill is coherent for automating the Claude Code CLI, but it explicitly recommends running in non-interactive modes that bypass permission prompts and auto-accept file edits. Before installing or enabling it: 1) Confirm you trust the claude CLI package and install it in a controlled way (prefer non-global install or containerized environment). 2) Avoid using --dangerously-skip-permissions and --permission-mode acceptEdits unless you run the agent in an isolated repo/VM and accept unattended changes. 3) Restrict allowedTools to the minimum necessary (do not grant Write/Edit broadly). 4) If you plan autonomous runs, require explicit human approval for high-impact tasks and audit the registry/logs the skill will write. 5) If examples reference monitoring or other services (mcp__datadog), ensure those credentials are provisioned separately and scoped narrowly. If you want, I can list exact flags and file paths in this SKILL.md that you should disallow or require confirmation for.Like a lobster shell, security has layers — review code before you run it.
latestvk978cmsgtms56kh5zm9s3ey8ws820e7y
License
MIT-0
Free to use, modify, and redistribute. No attribution required.