Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Review

v1.1.1

Final code review and quality gate — run tests, check coverage, audit security, verify acceptance criteria from spec, and generate ship-ready report. Use whe...

0 · 632 · 0 current · 0 all-time
by Rust@fortunto2
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (final review, tests, lint, security, acceptance criteria, report) match the SKILL.md steps (run tests, linters, builds, dependency audits, verify spec, generate report). No unrelated credentials, binaries, or installs are requested.
Instruction Scope
Instructions legitimately direct the agent to run tests, linters, builds, grep for secrets, read docs, and update spec.md checkboxes. This includes mutating repository docs (Edit/Write) and executing project test/build commands (which will run project code). Those behaviors are expected for a review skill, but you should be aware the skill will modify files and execute repository code during its run.
Install Mechanism
Instruction-only skill with no install spec and no external downloads — minimal disk footprint and low install risk.
Credentials
No environment variables, credentials, or external config paths are requested. The checks for common secret patterns (e.g., sk_live) are appropriate for a security audit and proportional to the stated purpose.
Persistence & Privilege
The always flag is false (normal). The skill requires Write/Edit tool permissions to update spec.md checkboxes within the repo. That is a reasonable repository-level mutation for a quality gate, but it is persistent in the sense that it changes project files. It does not request system-wide or cross-skill configuration changes.
Assessment
This skill is coherent with its stated purpose, but before installing or running it consider: (1) it will run tests/builds which execute project code — run it only on code you trust or in a sandbox/CI runner; (2) it will edit project docs (it checks and updates spec.md checkboxes) so review commits/changes after a run; (3) it searches for secrets (grep patterns) but does not request credentials — nevertheless ensure secrets are not stored in the repo; (4) confirm you grant only the needed tools (Read, Grep, Bash, Glob, Write, Edit, and the listed MCP tools) and restrict access to sensitive projects if needed. If you want extra safety, run this skill in an isolated environment (container/CI job) and review its edits before merging.
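The secret-pattern grep the scan report refers to is the kind of check a final-review gate runs before shipping. The following is an added example, not the skill's own code and not the scanner's: a small POSIX shell gate that greps a repository for credential-shaped strings and fails when any are found. The sk_live prefix is the one the report mentions; the other patterns, the exclusion list, and the constructed sample repository are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example of a secret-pattern gate (not code from the reviewed skill).
set -u

# Extended regex for common credential shapes. sk_live comes from the scan
# report above; the AWS, PEM and GitHub-token shapes are assumed additions.
SECRET_PATTERNS='sk_live_[A-Za-z0-9]{8,}|AKIA[0-9A-Z]{16}|-----BEGIN (RSA |EC |OPENSSH )?PRIVATE KEY-----|ghp_[A-Za-z0-9]{36}'

# scan_secrets DIR: prints file:line:match for every hit, skipping VCS metadata,
# dependency trees and generated files. Returns 0 when clean, 1 when anything
# matched, so it can be used directly as a CI gate.
scan_secrets() {
    dir=$1
    hits=$(grep -rEn --exclude-dir=.git --exclude-dir=node_modules \
           --exclude='*.lock' --exclude='*.min.js' \
           "$SECRET_PATTERNS" "$dir" 2>/dev/null) || true
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}

# count_secret_hits DIR: number of matching lines (0 when clean), for reports.
count_secret_hits() {
    scan_secrets "$1" | wc -l | tr -d ' '
}

# make_sample_repo: builds a constructed throwaway repository containing one
# planted key in source and one decoy under .git (which must be excluded).
# Prints the repository path.
make_sample_repo() {
    repo=$(mktemp -d)
    mkdir -p "$repo/src" "$repo/.git"
    printf 'STRIPE_KEY = "sk_live_ABCDEFGHIJKLMNOP"\n' > "$repo/src/config.py"
    printf 'def main():\n    return 0\n' > "$repo/src/app.py"
    printf 'sk_live_ZZZZZZZZZZZZZZZZ\n' > "$repo/.git/decoy"
    printf '%s\n' "$repo"
}
```

To use it as a gate, source the file and run `scan_secrets .` from the repository root; a non-zero exit blocks the ship step, and the printed file:line locations go into the report. Excluding .git matters: a key that was removed from the working tree but still sits in history will show up there, which is a finding for a history rewrite rather than a false positive of this check, and it is better handled by a dedicated history scanner than by grepping object files.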


latest: vk97adqa81gg65evgeap3ktp86d81j4bk


Runtime requirements

🔎 Clawdis
