Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Understand-Anything

v1.1.0

Analyze a codebase to produce an interactive knowledge graph for understanding architecture, components, and relationships

Stats: 0 · 84 · 0 current · 0 all-time
by Yuxiang Lin (@lum1104)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

Purpose & Capability [flagged]
The skill claims to analyze a codebase but its instructions repeatedly assume availability of command-line tools (git, node, find, wc, mkdir) and the ability to write/execute temporary Node.js scripts. The registry metadata declares no required binaries or env vars — that mismatch is incoherent. Legitimately, a local code analyzer would need git and a runtime (node/python) declared explicitly.
Instruction Scope [flagged]
SKILL.md instructs reading many repository files (README, manifests, all source files), composing those contents into subagent prompts, and writing intermediate files under .understand-anything and /tmp. The Project Scanner prompt also contains a direct contradiction: it lists an exclusion filter that would drop *.json and README.md, but elsewhere the pipeline explicitly reads package.json, tsconfig.json, and README.md. Subagents receive file contents (README, manifest, file batches) which will be included in prompts — this effectively transmits repo content to whatever model/subagent endpoint is used.
Install Mechanism [flagged]
There is no install spec (instruction-only), which usually lowers risk. However, the runtime instructions require creating and executing ad-hoc scripts (Node.js) in /tmp and running shell commands. That means code will be written and run at analysis time even though nothing is installed up-front; this dynamic execution increases risk compared with a pure read-only inspector.
Credentials [flagged]
The skill declares no environment variables or credentials, which is good, but it will read repository files (including manifests and potentially config files) and inject their contents into subagent prompts. That can leak sensitive data contained in the repository (API keys, DB connection strings in config files). The prompts do not limit which files are sent and the exclusion rules are inconsistent, so sensitive files could be included unintentionally.
Persistence & Privilege
The skill does not request 'always: true' and will write output under the project directory (.understand-anything/) and temp files under /tmp. That level of persistence is typical for analysis tools and is proportionate, but be aware it creates on-disk artifacts and executes temporary scripts. Autonomous invocation is enabled by default (not flagged by itself) — combined with the other concerns that increases blast radius.
What to consider before installing
This skill will read many project files, create temporary scripts in /tmp, and execute them (Node.js is assumed) while sending extracted file contents into dispatched subagents. Before installing: (1) Confirm the runtime has git and node (or request the author to declare required binaries). (2) Ask the author to fix the contradictory exclusion rules (the scanner claims to exclude *.json/*.md but then reads package.json and README.md). (3) Verify whether subagent prompts are sent to external model(s); if so, do not allow sensitive files (configs, env files, secrets) to be included — request an option to redact or exclude paths. (4) Prefer running this tool in a sandbox or on a copy of the repo with secrets removed. (5) If you only want limited analysis, use the documented --full/dir argument to scope to a safe subdirectory. (6) Inspect .understand-anything and /tmp outputs after a run and remove them if you don't want persistent artifacts. If you need help formulating questions for the skill author (required binaries, data exfil rules, ability to run offline), I can draft those.

Like a lobster shell, security has layers — review code before you run it.

latest: vk972xmj1j68pc6nva9qfg5mm8h839c50
