ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

SATAgent

v1.0.0

Run the pure-LLM variant of the QLCoder workflow for both CVE samples and local Web App repositories. Supports multi-profile taint-flow analysis with source/...

1· 48·0 current·0 all-time
by@setg-git
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md and bundled files implement a QLCoder pure-LLM taint-flow analysis (Java/Python web) which matches the described capability, but the registry metadata/name ('SATAgent') does not match the SKILL.md name/slug (qlcoder-pure-llm / coder-pure-llm). This naming mismatch and leftover absolute paths (e.g., /Users/aibot/...) are incongruent and suggest sloppy packaging or repackaging.
Instruction Scope
Instructions intentionally read repository files, build manifests, and run local analysis; the bundled script performs wide file-system scanning (rglob over repo), pattern matching, writes JSON artifacts, and calls subprocess.run to invoke external commands (e.g., python -m qlcoder.cli). Those actions are consistent with code-analysis purpose, but SKILL.md contains hard-coded absolute developer paths and encourages running the wrapper which will search the entire repo — a significant scope that should be reviewed by the user.
Install Mechanism
No install spec or remote downloads are present; the skill is instruction-only with a bundled Python script. Nothing external is fetched during install by the skill package itself.
Credentials
The skill declares no required environment variables or credentials and the code does not require external tokens. It reads local files and may invoke local Python modules; no unnecessary secrets access is requested.
Persistence & Privilege
always:false and no special persistence or modifications to other skills are requested. The skill can be invoked by the model (normal default). The primary risk is the skill's ability to read workspace/repo files and run subprocesses when executed.
What to consider before installing
This skill runs local repository-wide scanning and executes subprocesses (it invokes python -m qlcoder.cli and similar). Before installing or running: 1) Confirm the QLCoder project you expect is present (qlcoder/cli.py) and that you trust that code; 2) Inspect scripts/run_pure_llm.py (already bundled) to ensure there are no hidden network calls or unexpected commands beyond the visible filesystem scanning and subprocess usage; 3) Note the SKILL.md contains developer-specific absolute paths (/Users/aibot/...), update those to your environment or run from a copy; 4) Run the skill in an isolated sandbox or on a non-sensitive copy of the repository first; 5) If you need stronger assurance, ask the publisher to fix the naming/packaging inconsistencies and remove hard-coded paths. These discrepancies (name mismatch and hard-coded paths) are the main reasons this analysis is flagged as suspicious rather than benign.

Like a lobster shell, security has layers — review code before you run it.

latestvk976tp76c8xqnp6gf1spd7sdkx83q68t

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments