Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OPS_Code_Review

v1.0.1

Automatic code-audit Skill supporting Django, React+TS and PHP. Trigger scenarios: - an SVN post-commit hook automatically triggers an incremental scan (only the files in that commit) - a weekly scheduled full scan - manual triggers: audit code, code review, code scan - before first use, check: python3 scripts/code_r...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill is an SVN-based code-audit tool (Django/React/PHP), and the required binaries (svn, bandit, pylint, npx, phpcs) and language-specific analyzers are appropriate for that purpose. However, the registry summary/metadata omits required environment variables that the SKILL.md and code expect (CODE_REVIEW_SVN_USER, CODE_REVIEW_SVN_PASS, CODE_REVIEW_FEISHU_CHAT_ID). That mismatch is an incoherence: the skill requires credentials to function, but the metadata does not declare them.
Instruction Scope
The SKILL.md and scripts describe the expected behavior and the sequence of steps (checkout/update, incremental/full scans, run bandit/eslint/phpcs/pylint, build a report, save a pending message file). The instructions reference and configure environment variables and a local config.json, and they instruct deploying an SVN post-commit hook that runs the skill. This stays inside the stated purpose. Caution: the hook deployment requires the SVN server to be able to run or access the skill scripts (the SKILL.md notes this), which may require copying scripts to the server or exposing a path; this expands the deployment surface and should be reviewed before placing hooks on production servers.
Install Mechanism
The SKILL.md lists apt-get/pip/npm/composer install commands for the required tools, which is reasonable for these dependencies. The registry summary shows only a 'node' install entry, while the SKILL.md metadata contains install entries for svn, bandit, pylint, node and phpcs: another metadata inconsistency. Installing system packages and global composer/npm packages is expected but carries the usual operational risk (privilege/sudo, global state). The check/install scripts perform shell installs automatically if invoked; review those commands before running them on production systems.
Credentials
At runtime the skill expects CODE_REVIEW_SVN_USER, CODE_REVIEW_SVN_PASS and CODE_REVIEW_FEISHU_CHAT_ID (used for SVN auth and to identify the Feishu chat). These are proportionate to the declared functionality. The concern is that the registry metadata (Requirements section) lists no required env vars, so the skill may be installed without users being warned up-front that they must supply credentials. The skill also passes the SVN password on the command line (svn --password), which may expose the credential to anyone who can read the local process list; this is a safety/operational concern to mitigate (use a limited-permission account or an alternative auth method).
Persistence & Privilege
The skill does not request always:true and does not try to modify other skills. It writes local state and report files under /tmp and suggests optional config paths under /etc or ~/.config; it also suggests creating an OpenClaw cron job. These behaviors are consistent with an agent-run code scanner and do not indicate excessive privileges by themselves.
What to consider before installing
What to check before installing/deploying:
- Metadata vs runtime: SKILL.md and the code require SVN credentials (CODE_REVIEW_SVN_USER/CODE_REVIEW_SVN_PASS) and a Feishu chat ID, but the registry metadata doesn't declare them. Be sure you supply and protect these when using the skill.
- Review the scripts before deployment, especially the SVN hook workflow: the post-commit hook will need to run code_review.py on the SVN server or point to the skill scripts path. Do not blindly drop the hook into a production server; first test in a safe environment.
- Limit credentials: create a read-only or narrowly scoped SVN account for scanning, avoid using high-privilege accounts, and consider alternatives to passing credentials on the command line (or ensure process-list exposure is acceptable in your environment).
- Review install actions: the skill may run apt-get/pip/npm/composer. Run dependency installation manually in a controlled environment or container rather than allowing automated installs on production hosts.
- Inspect check_dependencies / install-deps behavior: the installer attempts to auto-install missing tools and runs shell commands. Verify these commands and run them with appropriate privileges and in test environments.
- Verify where messages are delivered: the skill writes a pending message file (/tmp/code_review_pending_msg.json) for OpenClaw to pick up and send to Feishu. Confirm your OpenClaw instance is configured to read/send these and that the Feishu webhook/chat_id provided is correct and has limited scope.
If you need higher confidence, ask the skill author to update the registry metadata to declare the required environment variables and to provide clearer install guidance (or host the install artifacts on well-known release endpoints).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
- scripts/report_generator.py:82: Dynamic code execution detected.


Runtime requirements

Bins: svn, bandit, pylint, npx, phpcs

Install

Install Node.js (for npx/eslint): npm i -g node