ClawHub

OpenClaw Codebase Intelligence

v1.1.0

Intelligent codebase analysis and understanding with caching. Automatically explores project structure, identifies modules, analyzes dependencies, and answer...

0· 41·0 current·0 all-time
by@michealxie001
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (codebase analysis, indexing, QA, diagrams) match the included scripts (analyze, indexer, ask, deps, diagram, main). No unrelated binaries, environment variables, or cloud credentials are requested.
Instruction Scope
SKILL.md instructs the agent/user to run the scripts against a project root. The scripts traverse and read all files in the repository and create a local cache (.codebase-intelligence). This is expected for the stated purpose, but it will index any secrets or sensitive files present in the repo and store them in the cache — users should avoid running it on repos with sensitive data or inspect cache contents.
Install Mechanism
No install spec (instruction-only). Code is shipped as Python scripts that run directly; no external downloads or strange install steps were found in the provided manifest.
Credentials
The skill requires no environment variables, credentials, or config paths. The code references only local filesystem operations. A minor note: ask_v2 mentions LLM/kimi_search in comments, but no external API keys or network calls appear in the supplied files.
Persistence & Privilege
always:false and normal autonomous invocation are set. The tool writes a local cache directory by design and the SKILL.md suggests optional Git hook / CI integration examples; if applied, those could cause automatic indexing runs — review those hooks before enabling them.
Assessment
This package appears to be a conventional local codebase indexing and query tool and does not request credentials or perform obvious network activity, but take these precautions before using it: - Don't run it on repositories containing secrets or sensitive data unless you trust the environment; the index/cache will contain readable copies or references to files. - Inspect the created cache (.codebase-intelligence/) and consider adding it to .gitignore so cached indexes aren't committed. - The SKILL.md includes optional Git hook and CI examples — do not add those automatically; review them first because they can cause automatic runs. - There are signs of incomplete/truncated code in provided files (possible runtime errors). Test on a small, non-sensitive repo first to confirm behavior. - If you plan to run it in an environment with network access and are security-conscious, run it in an isolated environment (container/VM) while you audit the full indexer/main.py code (remaining files were truncated here). If you want, I can scan the remaining files (indexer.py, main.py and any truncated portions) for network calls, subprocess usage, or code that would change this assessment.

Like a lobster shell, security has layers — review code before you run it.

latestvk97envt2e2dy0e68g4d726g0r5842sgn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments