Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
SDD - Scenario-Driven Detection
v1.0.0Scenario-Driven Detection — AI 자율 추론 기반 논리 결함 탐지/수정 프레임워크. 기능 에러(crash, 500)가 아닌 '논리적으로 비정상인 동작'을 찾아 자동 수정한다. 사용 시점: (1) URL을 주고 웹사이트 논리 테스트 요청, (2) 소스코드 프로젝...
⭐ 0· 226·2 current·2 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The declared purpose (find and automatically fix 'logical' defects in UIs/APIs) is plausible. However, achieving that requires filesystem access, VCS (git) operations, a browser automation/runtime (e.g., Playwright/Puppeteer or a real browser), and test runners. None of those tools, binaries, or environment/credential requirements are declared in the metadata, which is an incoherence: either the skill assumes the agent environment already has extensive capabilities or the metadata is incomplete.
Instruction Scope
SKILL.md instructs the agent to crawl URLs (click elements, capture DOM), analyze and modify source code (file:line changes), run existing tests, commit fixes, and post md reports to external channels (Discord/Slack). It also tells the agent to request login credentials or cookies when needed. These are high-scope actions that access user files, credentials, and external networks — none of which are described in the skill metadata or constrained in the instructions (e.g., no explicit requirement that the user must approve commits before they are made).
Install Mechanism
There is no install spec or code (instruction-only), which reduces supply-chain risk. That said, the runtime behavior described implicitly requires nontrivial tooling (browser automation, test runners, git). The absence of declared dependencies or recommended runtime tools is a gap (not an immediate code-execution risk, but an operational mismatch).
Credentials
The skill requests (in instructions) credentials/cookies for authenticated crawling and suggests posting reports to third-party channels — yet the registry metadata declares no required env vars or primary credential. The implicit need for access tokens, webhook URLs, or repository write permissions is disproportionate to the metadata and should be explicitly declared. The skill also writes files and performs VCS commits, which are sensitive actions relative to an 'analysis' skill.
Persistence & Privilege
The skill will write report files and, in Mode A, modify source code and create commits. While always:false (it is not force-enabled), these actions are powerful: autonomous invocation combined with code-modifying instructions increases blast radius if the agent is allowed to act without user confirmation. The SKILL.md does not mandate explicit user approval before applying commits, only a general note about not breaking tests — this is a privilege/consent gap.
What to consider before installing
Before installing or using this skill, be aware of these points: 1) The skill will try to read and modify your project files, run tests, and make git commits — only use it on repositories you trust and back up or work on a branch/fork. 2) It performs live site crawling and may require login credentials or tokens; provide only ephemeral or least-privilege credentials and avoid sharing long-lived secrets. 3) The metadata does not declare required tools (browser automation like Playwright/Puppeteer, a headless browser, git, node/test runner); confirm your agent environment has the expected tooling or the skill may fail or behave unpredictably. 4) Confirm whether the agent will ask for explicit user approval before applying any code changes or pushing commits — prefer modes that generate fix proposals rather than auto-applying fixes. 5) If you plan to let the agent post reports to Slack/Discord, use dedicated webhooks with limited scope. Providing the author or maintainer details, a clear list of runtime dependencies, and an explicit safety/consent flow (e.g., require interactive confirmation for commits) would reduce risk and could change this assessment to benign.Like a lobster shell, security has layers — review code before you run it.
latestvk971vnq9f2srdmv0nb4v30esj182mc2e
License
MIT-0
Free to use, modify, and redistribute. No attribution required.