Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Kafka write to Hive and SR

v1.0.1

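Generates a new Flink Kafka-to-Hive-and-StarRocks dual-write monitoring job for the bethune project, following the pattern of Bus_Search_ReplacePrice_KafkaToStarRock_34 and the neighbouring 33/35/36, and automatically produces the Job class, MessageModel, PO, 4 config.p...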

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name and description claim to generate Flink Job/MessageModel/Po and update four config files and optionally run a compile; SKILL.md only requires reading repo artifacts, writing Java and properties files, and optionally running 'mvn -DskipTests compile'. No unrelated credentials, binaries, or installs are requested, so the declared requirements match the claimed purpose.
Instruction Scope
Instructions are narrowly focused on reading reference artifacts, producing three Java files and four config changes, and optionally running mvn compile. It does assume the agent has read/write access to the target repository and the ability to run Maven; SKILL.md does not declare required binaries but this is an operational expectation rather than a security mismatch. There are no directives to read unrelated system files or exfiltrate data.
Install Mechanism
Instruction-only skill with no install spec and no code files to execute. That minimizes disk-write and remote-download risk.
Credentials
No environment variables, credentials, or config paths are requested. The tasks described (code generation and config updates) typically do not require secrets, so the absence of requested credentials is proportionate.
Persistence & Privilege
always is false and the skill does not request persistent/system-wide changes beyond writing files in the target repository. Autonomous invocation is allowed (platform default) but not combined with broad credentials or elevated privileges.
Assessment
This skill appears coherent and limited to generating Flink job code and updating configs. Before installing, confirm the agent will run in a safe environment and that you are comfortable granting it read/write access to the target repository (it will modify files). If you enable the optional compile step, remember 'mvn compile' may fetch dependencies and run build scripts (network access and arbitrary build-time code can run), so prefer running compile on a fork or CI sandbox and review diffs before merging. No credentials are requested by the skill; if the agent later asks for API keys or repo credentials, treat that as unexpected and investigate.

Like a lobster shell, security has layers — review code before you run it.
