Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Bytesagain Code Reviewer Cn

v1.0.1

Review code files for bugs, security issues, and style problems. Use when auditing Python, JavaScript, Go, or Bash code, checking for injection risks, measur...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description match the included script: the tool reads code files and runs simple pattern checks, complexity counts, and checklists. One inconsistency: SKILL.md lists runtime requirements (bash, python3) but the registry metadata declared no required binaries; the included script clearly requires python3 to work.
Instruction Scope
Runtime instructions and the script operate on files explicitly passed by the user (review/security/complexity/diff). The script reads only the target files and prints local analyses; it does not call external endpoints or access unrelated system paths or environment variables.
Install Mechanism
There is no install spec — this is an instruction-only skill with an accompanying shell script. Nothing is downloaded or executed from external URLs during install.
Credentials
The skill requests no environment variables or credentials. Minor note: SKILL.md requires bash + python3 but these were not declared in registry metadata; ensure python3 is available before use.
Persistence & Privilege
always is false and the skill does not attempt to modify other skills or system-wide settings. It does not request persistent privileges.
Assessment
This skill appears to do what it says: a local, pattern-based code reviewer implemented as a bash wrapper around small Python analyzers. Things to consider before installing/running:
1) Ensure python3 is available (SKILL.md requires it but registry metadata omits it).
2) The tool only reads files you pass to it — don't point it at files containing secrets you don't want examined (the security scan looks for obvious hardcoded secrets but is basic and can miss things).
3) There is a bug in the security subcommand: the Python code tries to open "$file" literally rather than using the passed filename, which will likely cause a runtime error; you may want to review/fix that code before relying on the security scan.
4) Because the checks are pattern-based, expect false positives/negatives; review results manually for critical code.
If you need stronger guarantees, inspect the script locally or run it in an isolated environment before granting it broader use.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
scripts/script.sh:67: Dynamic code execution detected.
