ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

EdgeComputing ATS Analyzer

v1.0.0

Analyzes EdgeComputing ATS (Automatic Ticket System) codebase architecture, device protocols, and business logic. Invoke when user asks about ATS project str...

0· 55·0 current·0 all-time
by@jason-ats
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (analyzes an ATS codebase) align with the instructions which point to documentation and source folders for that project. However, the skill is written for a specific local checkout (/home/forlinx/.../EdgeComputing/ats/) rather than a generic project location, which is unusual for a reusable skill and suggests it's tailored to a particular developer's environment.
Instruction Scope
SKILL.md instructs the agent to examine files under a specific filesystem path and references doc and source directories. This is coherent for a local-code-analysis skill, but the hard-coded absolute path and explicit build step (cd ats/build-aarch64; ./build.sh) could lead the agent to attempt to read or execute local files/scripts. The instructions do not request unrelated system files or external endpoints, but they do implicitly require access to the user's filesystem and potentially to run build scripts.
Install Mechanism
No install spec and no code files — instruction-only. Nothing will be written to disk by an installer (lowest install risk).
Credentials
No environment variables, credentials, or config paths are required. The skill does not request unrelated secrets or cloud credentials.
Persistence & Privilege
always is false and model invocation is allowed (normal behavior). The skill does not request permanent/system-wide presence or to modify other skills' configs.
Scan Findings in Context
[no_findings] expected: Regex scanner found no code files to analyze; this is expected because the skill is instruction-only (SKILL.md only).
What to consider before installing
This skill is coherent for analyzing a local ATS project, but before installing consider: (1) The SKILL.md points to a hard-coded path (/home/forlinx/...), which may be someone else's machine — confirm and edit that path to match your project or remove it if you don't want the skill to access your filesystem. (2) The doc references include build commands (./build.sh); avoid giving the agent run/execute permissions on your system unless you trust it — prefer to run builds yourself. (3) Because the skill is instruction-only, it won't install anything, but it implies reading local files; restrict the agent's file access or run this skill in an isolated environment if you have sensitive files. If you want a reusable skill, request the author generalize path handling (accept user-provided project path) and remove hard-coded user-specific paths.

Like a lobster shell, security has layers — review code before you run it.

latestvk9736s92kw7mn26t44w4nm3mgs83dvvw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments