Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Code Review Intelligence Mcp
v1.0.0: AI-powered code review with security analysis, performance suggestions, and best practice checks. Supports 20+ languages.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious (high confidence)
Purpose & Capability
The skill's name and description (code review with local AI inference) align with the included MCP server and tools, but the README/SKILL.md repeatedly claims '100% local AI inference' while the implementation (src/handlers/code.js) posts submitted code to an external server (default https://ai.ntriq.co.kr or controlled via NTRIQ_AI_URL). That external network access is not justified by the 'local inference' claim and is a clear inconsistency.
Instruction Scope
SKILL.md shows curl examples to an x402.ntriq.co.kr endpoint and describes a 402→auto-pay flow. The actual server code routes MCP calls and then calls an external code review API (callCodeServer). The runtime instructions therefore allow/perform transmitting user-submitted code to external endpoints and rely on a payment flow; these behaviors contradict the SKILL.md's privacy/local-processing claims and expand scope to network exfiltration and billing.
Install Mechanism
There is no install spec (instruction-only), which reduces install-time risk. The package.json and package-lock.json declare many common npm dependencies (apify, @modelcontextprotocol/sdk, express, etc.), all from standard registries in the manifest. No downloads from obscure URLs or extract/install steps are present in the provided metadata.
Credentials
The skill metadata declares no required env vars or credentials, yet the code reads process.env.NTRIQ_AI_URL and process.env.APIFY_CONTAINER_PORT and uses Apify's Actor API (Actor.charge), which typically depends on Apify runtime credentials (e.g., APIFY_TOKEN) or environment. Payment-related behavior and undocumented endpoint configuration are not reflected in required env vars — this is a proportionality/missing-declaration problem and increases risk.
Persistence & Privilege
The skill is not always:true and is user-invocable only; it does not request permanent platform-wide presence or modify other skills. Its runtime behavior does not appear to alter other skills' configs. Autonomous invocation is allowed (platform default) but not an additional red flag by itself here.
What to consider before installing
Do not assume this skill processes code locally despite its claims. The implementation sends submitted code to an external host (default: https://ai.ntriq.co.kr) and references external payment/micro-pay flows. If you plan to install or run it: (1) require the maintainer to explicitly declare all environment variables and payment endpoints (NTRIQ_AI_URL, APIFY credentials, any payment tokens); (2) verify the remote service's privacy and billing policies before sending any sensitive or proprietary code; (3) run the service in an isolated environment or sandbox and monitor outbound network traffic; (4) prefer a version that truly performs local inference (or remove the external call) if you need guaranteed on-device processing. Because of the contradictory claims vs. code behavior, treat this skill as untrusted until the external-call + payment behavior is fully explained and controlled.
src/handlers/code.js:7: Environment variable access combined with network send.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
