Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Virtuoso Skill
v1.0.4
Cadence Virtuoso Skill language development assistant, including API lookup, code validation and intelligent completion. Use cases: (1) writing/debugging Virtuoso Skill code; (2) checking whether API calls are valid; (3) looking up the usage and parameters of Skill functions; (4) avoiding API hallucinations and calls to undefined functions.
by @keenone
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
Medium confidence
Purpose & Capability
Name/description match the bundled assets: a local API database, a chatbot (skill_chatbot.py), and a linter (skill_lint.py). The files and references to Cadence/Virtuoso APIs are coherent with the stated purpose. However, scripts include a hard-coded absolute path (/root/.openclaw/qqbot/downloads/...) in extract_functions.py which is unnecessary for normal usage and looks like a leftover from the developer environment.
Instruction Scope
SKILL.md only instructs running the included scripts and optionally starting a local web server — actions that match purpose (searching and linting APIs). The runtime instructions do not request remote endpoints, credentials, or broad system access. Still: the scripts will read files from disk (the database files under references and any code directories you lint). The hard-coded path in extract_functions.py could cause the script to read an unexpected file if run without modification.
Install Mechanism
No install spec — instruction-only with bundled scripts and local JSON/GZ database files. This is low-risk compared to downloads/installers. The large compressed DB is included in the repo rather than fetched from the network.
Credentials
The skill declares no environment variables or credentials, which fits its offline/local utility. However, the tools intentionally read local files and directories (for linting and loading database files). This is expected for a linter/lookup tool but means the scripts can access any file paths you point them at. The unexpected absolute path in extract_functions.py is disproportionate and may attempt to read a local download from a specific user account if executed as-is.
Persistence & Privilege
always:false, user-invocable:true — normal. The skill does not request persistent platform-level privileges. It can run a web server (Flask) if you start it, which exposes a local HTTP interface; consider network exposure risk if run on a server.
Scan Findings in Context
[unicode-control-chars] unexpected: The SKILL.md pre-scan flagged unicode control characters. These can be used to obfuscate or alter how text appears to an LLM or to hide content; they are not expected for a normal developer-facing README/instruction file. Inspect the raw SKILL.md bytes before trusting automated parsing or evaluation.
What to consider before installing
This skill is largely coherent with its stated purpose (local API database + chatbot + linter). Before running anything: (1) Inspect SKILL.md raw bytes for hidden control characters (the scanner flagged unicode-control-chars). (2) Open the scripts and remove or modify any hard-coded absolute paths (extract_functions.py references /root/.openclaw/qqbot/downloads/...) — do not run scripts that read unexpected absolute locations. (3) If you run the web mode (Flask), run it on a safe host and bind to localhost if you don't want remote access. (4) Because the tool reads files you point it at, only lint code or directories you trust. (5) If you plan to use this in automation, prefer to run it in a restricted environment (container/VM) and audit any file I/O first. If you want, I can show the exact lines with the absolute path and the SKILL.md bytes that contain control characters to help you inspect/clean them.
Like a lobster shell, security has layers — review code before you run it.
