Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OC Code Review

v1.0.0

Provides a comprehensive review across four dimensions (security, performance, quality and maintainability), scores the code, and generates improvement suggestions and a detailed report.

by Narain@penghang1223
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Benign

OpenClaw: Suspicious (medium confidence)
Purpose & Capability [flagged]
The skill's description (code review: security/performance/quality/maintainability) matches the included templates and scripts. However SKILL.md expects to access Git/GitHub PRs (git, gh CLI), Feishu documents (feishu-fetch-doc skill), and web_fetch, but the registry metadata declares no required binaries or environment variables. Either required tools/credentials were omitted from metadata or the instructions assume ambient access to host tools/credentials — that mismatch is concerning.
Instruction Scope [flagged]
Runtime instructions explicitly tell the agent to read local files (`read` tool), run shell commands (`exec` + git/gh), fetch from web pages, and call other skills (feishu-fetch-doc, web_fetch). Those actions grant the skill potential access to arbitrary repository contents and local files if invoked with paths. The SKILL.md does not constrain or sanitize which files/paths to read, nor does it require explicit consent or credentials handling steps — increasing the risk of unintended data access.
Install Mechanism
No install spec / no remote downloads are present; only two small analysis scripts and markdown templates are included. The included Python scripts perform local file analysis and print metrics — they are straightforward and contain no obfuscated or network-exfiltration code.
Credentials [flagged]
The skill will likely need Git/GitHub credentials (gh, git) and possibly Feishu API credentials to fetch docs, but requires.env is empty and no primary credential is declared. That omission is disproportionate: requesting no credentials while instructing operations that normally require secrets (GH tokens, Feishu tokens, or SSH/git credentials) is an incoherence that should be resolved before use.
Persistence & Privilege
The skill does not request always:true and has no installation steps that modify other skills or global config. Autonomous invocation is allowed by default (normal). There is no evidence the skill persists or escalates privileges on the host.
What to consider before installing
This skill looks like a useful code-review helper, but it currently has mismatches between what it says it will do and what it declares it needs. Before installing or running it:

1) Confirm which host tools it will call (git, gh) and whether you are comfortable allowing the agent to run those commands.
2) Do not provide GitHub/Feishu tokens unless you trust the skill; ask the author to declare required env vars and justify each.
3) Be cautious when allowing the skill to read local file paths or PRs; run it in a restricted/sandboxed environment or with limited-scope tokens first.
4) If you expect to use Feishu or web fetching, verify how fetched data will be handled and stored.
5) Prefer an updated metadata manifest that lists required binaries and credentials (or explicitly states none are needed) so the permission surface is clear.

If the author can explain or fix the missing requirements, the skill appears coherent and not malicious.
