Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
release-checker
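v1.0.0 · All-in-one release compatibility checker. Automatically analyzes the Git diff to detect release compatibility, uses code intelligence to identify push center/Gateway/configuration changes, automatically checks SQL script compatibility and generates versions for multiple databases, and outputs a complete TODO list and Markdown report.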
by @qfann
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign, high confidence
Purpose & Capability
Name/description (release compatibility, git-diff, SQL conversion) match the included SKILL.md and the Python script. Required tools (git, python) and file access are appropriate for the stated functionality; no credentials or unrelated services are requested.
Instruction Scope
Runtime instructions only ask the agent to run git diff, list/inspect changed files, interactively ask the user which components to process, and call the included Python script on project files. The script reads repository files and transforms SQL — these actions are within the declared scope. Note: the skill will access the project filesystem and execute git/python locally, which is expected but should be noted by users.
Install Mechanism
There is no install spec (instruction-only), but the bundle includes a Python script and requirements.txt listing sqlglot. The environment must have Python and sqlglot installed; the skill does not automatically install dependencies. This is a low-to-moderate operational note (user or host must provide the runtime dependency).
Credentials
The skill requests no environment variables, credentials, or config paths. It operates on repository files and user-supplied paths only. There are no demands for unrelated tokens/keys — proportional to purpose.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request permanent or elevated platform privileges. Autonomous invocation is allowed (platform default) but is not coupled with other red flags.
Assessment
This skill appears to do what it says: it will run git diff and a local Python script that inspects and converts SQL files. Before using it: (1) ensure you trust the included script (review scripts/release_checker.py) because it will read and operate on your repository files; (2) run it in a controlled environment (container or dedicated runner) if you are cautious; (3) install the dependency sqlglot (requirements.txt) in a virtualenv before execution; and (4) be aware it executes subprocesses (git/python) against the project — that is expected behavior, not an unexplained network exfiltration attempt.
Like a lobster shell, security has layers — review code before you run it.
