ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Codebase Intelligence

v1.0.0

Intelligent codebase analysis and understanding with caching. Automatically explores project structure, identifies modules, analyzes dependencies, and answer...

0· 40·0 current·0 all-time
by@michealxie001
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the included scripts (analyze, indexer, ask, deps, diagram). The code is a local indexer/search/diagram tool and does not declare external credentials or binaries. However, the SKILL.md and some file headers claim LLM integration and production readiness while the provided scripts appear regex-based and limited; that is an overstated capability relative to the shipped code.
!
Instruction Scope
SKILL.md instructs running the Python scripts against an entire project and creating a cache under <project>/.codebase-intelligence/. That behavior is expected for this purpose, but it will read and index all files under the target path (including any secrets or config checked into the repo). The docs also suggest adding a pre-commit git hook (optional) which would execute indexing on git operations — a change to repository hooks that the user must explicitly authorize. The docs refer to a pickle cache file (.codebase-intelligence/codebase_index.pkl); if the code uses pickle for loading cache, that can be a remote code execution vector if an attacker can tamper with the cache file.
Install Mechanism
There is no install spec (instruction-only skill plus bundled Python scripts). No external installers, downloads, brew/npm, or network fetches are declared in SKILL.md. Running these scripts requires only Python available on the system.
Credentials
No environment variables, credentials, or config paths are required by the skill metadata or visible code. That is proportional to a local code analysis tool. Note: because the tool indexes entire repositories, it will read any files present in the target directory (including credentials committed into the repo) — this is expected but worth flagging.
Persistence & Privilege
always is false and the skill does not request system-wide privileges. It writes a cache directory inside the project (as documented). The only persistence-like suggestion is an optional git hook sample; adding that hook would be a repository change and should be applied only after review. No evidence in the provided snippets of the skill modifying other agent or system settings.
What to consider before installing
What to check before installing or running this skill: - Review indexer.py and scripts/main.py in full for any network calls, subprocess/os.system usage, or imports of third-party libraries that might reach out to external services. The truncated snippets don't show network calls, but the indexer was not fully shown. - Be cautious about running it against sensitive repositories: the tool indexes and caches full file contents under <project>/.codebase-intelligence/, so secrets or credentials in the repo will be read and stored locally. - The SKILL.md mentions a cache file named codebase_index.pkl. If the code loads that file using pickle, loading an attacker-controlled pickle can execute arbitrary code. Confirm the cache format and refuse to load caches from untrusted locations. - The bundle contains incomplete/truncated code and apparent syntax/logic issues in the provided snippets (e.g., truncated functions/lines). That indicates it may crash or behave unexpectedly; treat it as not production-ready until fixed. - Do not add the suggested git hook to important repositories until you have reviewed the hook script; adding it will cause the tool to run automatically on commits. - If you want to try it, run it in a disposable/sandboxed environment and against a non-sensitive repository first. Consider running Python in a virtualenv and inspect the created cache directory after indexing. If you want, I can: (1) scan the remaining/truncated files for network or unsafe deserialization usage, (2) point out exact lines that indicate syntax errors, or (3) suggest safer alternatives for caching (e.g., JSON rather than pickle) and sandboxed invocation commands.

Like a lobster shell, security has layers — review code before you run it.

latestvk971vj5fyewxwdbs8vwt03d6ph8412mg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments