Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Edith Augment Code
v1.0.0Use Augment Code (Auggie CLI) to analyze, generate, and modify code through Edith smart glasses or OpenClaw. Triggers when the user asks to build, code, debu...
⭐ 0· 44·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description align with the runtime instructions: the SKILL.md tells the agent to call the Augment Code CLI (auggie) to generate, analyze, debug, and modify code. The required actions (installing the auggie npm package and running auggie login) are coherent with that purpose and no unrelated binaries or credentials are requested.
Instruction Scope
Instructions explicitly run auggie commands against the 'current project' and specific source paths (e.g., src/ws-relay.ts). Examples use --print (read/analysis), which is safer, but the skill also describes generating and modifying code without clearly limiting commands to read-only modes. The SKILL.md does not disclose whether auggie will send project contents to a remote service, so the agent could transmit sensitive code or modify files if non-print modes are used.
Install Mechanism
This is an instruction-only skill with no install spec. It asks users to run 'npm install -g @augmentcode/auggie' themselves. That is a common install path (npm registry) but is performed outside the skill; the skill does not auto-download or execute remote archives.
Credentials
The skill declares no required env vars or config paths, which is appropriate. However, it requires 'auggie login' (authentication) but does not describe where credentials/tokens are stored or whether the CLI will call remote services. Absence of declared credential handling is a gap: the CLI likely stores tokens locally and/or sends code to Augment Code's backend, which has privacy implications not documented here.
Persistence & Privilege
always:false and user-invocable:true (default) — the skill does not request permanent inclusion or elevated platform privileges. It does not modify other skills or system agent configs according to the provided files.
What to consider before installing
This skill is coherent with its stated purpose (wrapping the Auggie CLI) but exercise caution before using it on private or proprietary code. Key considerations:
- Understand what 'auggie login' does: verify where the CLI stores tokens (local files) and how to revoke them.
- Verify whether the Auggie CLI sends project files to a remote service (read the CLI's docs and the npm package page) before running analysis on sensitive repositories.
- Prefer the --print/read-only mode for analysis and debugging tasks; avoid running commands that may modify files without an explicit confirmation step.
- When installing, confirm the npm package identity and maintainers (@augmentcode/auggie) on the official registry; consider installing in an isolated environment if you are unsure.
- The skill's source is unknown and there is no homepage link; if you require strong assurance, request the publisher to provide a homepage, privacy/security docs, and details on auth/token storage and network behavior before installing.Like a lobster shell, security has layers — review code before you run it.
latestvk972f36sp0xzphjb2h6ttptf7183rsxg
License
MIT-0
Free to use, modify, and redistribute. No attribution required.