Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
project-assistant
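v1.0.0
Project initialization and intelligent analysis tool. Use when the user asks to initialize a new project, analyze a project's structure, or ask questions about a project. Trigger words: 初始化项目 (initialize project), init, 分析项目 (analyze project), 项目问答 (project Q&A).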
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with the included code: the repo contains many Python scripts for detection, analyzers, QA document management and Feishu integration and the skill only requires python3. However README/SKILL.md mention Feishu tokens (feishu.doc_token, etc.) and cross-session config storage (config.json) but the skill's declared requirements list no environment variables — the feature is supported via stored config rather than explicit declared env vars. That's plausible but worth calling out because credentials may be stored in config.json rather than passed as env vars.
Instruction Scope
SKILL.md instructs the agent to scan a project directory, read and update .claude/project.md, run many local analyzers (detector, cache manager, qa_doc_manager, feishu_doc_manager, env_scanner, call-chain analyzer). Those analyzers can read arbitrary project files (including .env, config files, source) and the env_scanner module is present, which may detect/expose environment variables or secrets. SKILL.md also contains detected unicode-control-chars (prompt-injection) which could be an attempt to influence runtime behavior. The instructions do not explicitly warn users about scanning for secrets or external transmission of generated reports.
Install Mechanism
No install spec (instruction-only) and required runtime is just python3. Code is provided with the skill (many Python scripts) and will be executed locally; there is no suspicious remote download/install mechanism in the manifest.
Credentials
The skill declares no required environment variables (good), but supports storing arbitrary configuration (config.json) and references Feishu integration in README/SKILL.md. Feishu tokens are referenced in docs (feishu.doc_token, etc.) and could be stored in config.json via the config_manager. The ability to store arbitrary custom keys (custom.*) means secrets could be persisted across sessions; this is functionally coherent but sensitive and not made explicit in the top-level requirements.
Persistence & Privilege
always:false (normal). The skill persists configuration to config.json in its baseDir (documented) to enable cross-session settings. It does not request global system modifications or 'always' inclusion. However cross-session stored config can contain tokens/keys — the skill is allowed to persist data within its own directory.
Scan Findings in Context
[unicode-control-chars] unexpected: Unicode control characters were detected inside SKILL.md. This pattern is commonly used in prompt-injection attempts to alter how the agent interprets instructions. Even if accidental, it should be inspected and removed or explained.
What to consider before installing
Before installing or enabling this skill:
1) Inspect SKILL.md, scripts/feishu_doc_manager.py and scripts/analyzers/env_scanner.py to understand what data is read, logged, or transmitted.
2) Be cautious storing any API tokens or secrets: the skill stores config in config.json (cross-session) and supports Feishu tokens — only add tokens if you trust the code and destination.
3) If you plan to run it on sensitive repositories, run it in a sandbox or on a copy without secrets (or remove .env and credentials first).
4) Remove or review any unicode/control characters in SKILL.md (they could be a prompt-injection artifact).
5) If you need guarantees about data exfiltration, require explicit declarations of external endpoints and audit the network behavior of feishu_doc_manager before providing tokens.
If you want me to, I can scan the specific files (feishu_doc_manager.py, env_scanner.py, qa_doc_manager.py) and summarize any external network calls, data serialization, or obvious secret-handling code.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🚀 Clawdis
Bins: python3
