Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Code Quality System (FightingDao)
v1.2.1. A complete code quality analysis system, including front-end and back-end services and a database. Supports weekly/monthly analysis, AI code review, Teams message notifications, and email reports. Trigger scenarios: (1) the user requests a code quality analysis, (2) generating a weekly/monthly report, (3) counting code changes, (4) analyzing branch commits, (5) syncing analysis data to the database.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
High confidence
Purpose & Capability
Name/description (code-quality system) align with the included code and scripts (git analysis, AI review, DB sync, Teams/email notifications). However the registry metadata claims no required env vars/config paths, while the code expects config files (e.g., ~/.openclaw/openclaw.json, ~/.openclaw/workspace/code-quality-config.json, .email-config.json), database credentials (Prisma/DATABASE_URL), SMTP credentials, and Teams webhook/secret. That metadata omission is an incoherence and a meaningful risk.
Instruction Scope
SKILL.md and README instruct running many scripts that execute git, spawn child processes, clone GitHub repos, run Prisma migrations, read/write local files under HOME, call external AI endpoints, and send emails/Teams messages. Scripts explicitly read openclaw.json for API keys and will send diffs/statistics to external AI provider and notification endpoints. Also a documented policy forces generating at least one 'code issue' per project when none are found — this can create fabricated records in the database. The instructions access local config and credentials beyond what the skill declared.
Install Mechanism
There is no formal install spec (instruction-only), but README directs cloning backend/frontend repos from GitHub (https://github.com/FightingDao/...). That is expected for a packaged system but means network activity and pulling third-party code. No opaque download URLs or archive extracts were found; install remains manual via git/npm and system tools (Node, PostgreSQL).
Credentials
Registry metadata lists no required env vars, yet code and docs require/expect multiple secrets and config sources: AI provider API key in ~/.openclaw/openclaw.json, DATABASE_URL/Prisma DB credentials or SQLite config, SMTP credentials (in .email-config.json or env), Teams webhook URL and secret, plus local codebase paths. Requiring access to DB credentials, email SMTP credentials, and an AI API key is proportionate to the described functionality, but the fact that the skill's declared requirements omit them is an inconsistency and increases risk (silent access to secrets).
Persistence & Privilege
The skill is not marked always:true and does not request special platform privileges. It reads and writes its own config/data and writes to the project's database, which is expected. Note: because the skill can be invoked autonomously by default, combined with the above secret/config access this increases blast radius — but autonomous invocation alone is the platform default.
What to consider before installing
This package is functionally coherent with a code-quality system, but there are important red flags you should address before installing or running it:
- Metadata mismatch: The registry claims no env vars/configs but the code expects several files and secrets (openclaw.json with AI apiKey, DB credentials for Prisma or DATABASE_URL, SMTP credentials, Teams webhook/secret). Treat that as a serious discrepancy — assume the skill will read those files from your HOME.
- Sensitive data flows: The scripts gather git diffs, commit metadata, and file contents and send them to an external AI provider (configured in ~/.openclaw/openclaw.json) and to Teams/SMTP. If your repositories contain proprietary or secret data, this will transmit it to third-party endpoints. Only proceed if the AI provider and notification endpoints are trusted or you run the AI locally.
- Fabricated data: The system enforces generating at least one code issue per project if none are found. That can insert artificial records into your database and produce misleading reports; review/adjust this behavior if you need accurate audits.
- Recommended precautions:
1) Do not run on a production machine or a host containing sensitive repos. Use an isolated VM/container with limited network access.
2) Inspect and vet the config files (README references GitHub repo URLs and config.json). Confirm the GitHub URLs are legitimate and review the cloned repos before running their install scripts.
3) Provide least-privilege credentials: create a dedicated DB user with limited rights and an email account/bot that only sends to intended recipients. Prefer SQLite if acceptable to avoid exposing DB credentials.
4) If you must use an AI provider, prefer one you control or an on-prem/local model; otherwise restrict network access and monitor traffic. Check ~/.openclaw/openclaw.json contents and confirm the provider is trusted.
5) Review and test scripts (especially those using child_process/execSync) to ensure they do what you expect. Consider running with dry-run flags or adding logging before allowing any write (DB insert/delete) operations.
6) If you want to use the skill only for local analysis without exfiltration, modify AI calls to a local model or disable notify scripts and external POSTs.
Given the metadata omissions and external data flows, treat this skill as suspicious until you validate its config and endpoints, and run it in a sandboxed environment.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
- scripts/analyze-code-v2.js:144: Shell command execution detected (child_process).
- scripts/code-review.js:65: Shell command execution detected (child_process).
- scripts/generate-code-issues.js:62: Shell command execution detected (child_process).
- scripts/notify-teams.js:108: Shell command execution detected (child_process).
- scripts/setup.js:44: Shell command execution detected (child_process).
- scripts/analyze-code-v2.js:25: Environment variable access combined with network send.
- scripts/sync-to-db.js:17: Environment variable access combined with network send.
- scripts/analyze-code-v2.js:32: File read combined with network send (possible exfiltration).
- scripts/sync-to-db.js:24: File read combined with network send (possible exfiltration).
