ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Code Debugger

v1.0.0

Provides debugging assistance for AI-generated code with pattern detection, common issue identification, and fix suggestions across multiple programming lang...

0· 73·0 current·0 all-time
by@jpengcheng523-netizen
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description describe a code-debugging assistant and the included SKILL.md plus index.js implement regex-based analysis, fix suggestion, and IDE guidance for the stated languages. Required resources (none) match the described functionality.
Instruction Scope
SKILL.md instructs the agent to call local API functions (analyze, suggestFixes, quickFix, etc.) on code strings. It does not direct the agent to read arbitrary system files, access environment variables, or send data to external endpoints.
Install Mechanism
No install specification is present (instruction-only/packaged code). The repository contains a local index.js and package.json; there are no downloads, extracted archives, or external install steps that would pull remote code at install time.
Credentials
The skill declares no required environment variables, credentials, or config paths. The implementation operates on code strings and pattern matching and does not read process.env or request secrets.
Persistence & Privilege
The skill is not forced-always (always:false) and does not request persistent system-wide privileges. There are no signs it modifies other skills or global agent configuration.
Assessment
This skill appears to be what it claims: a local pattern-based code analyzer and fixer. Before installing, review index.js yourself to ensure no hidden network calls or eval/child_process execution were added (the provided source appears to only use regex matching). Because it will analyze code you provide, avoid sending sensitive secrets inside code strings you analyze. If you plan to run this in a high-security environment, run it in a sandbox or node environment with restricted network/file permissions and verify the module's exports and behavior on a few benign examples first.
index.js:222
Dynamic code execution detected.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk973wq03mkdw0x4g94tvhyc3dn83mwfn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments