Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
CLAUDE.md Auto Discovery
v0.1.0Automatically discovers and loads CLAUDE.md files in the project root with support for @include directives and reverse order loading up to 40,000 characters.
⭐ 0· 7·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name and description claim automatic discovery and loading of CLAUDE.md files; the included Python and Node scripts implement upward traversal (up to 4 levels), reverse-order loading, and truncation to 40,000 chars — this matches the advertised core capability. However SKILL.md promises @include handling which neither code file implements, so there is a mismatch between stated capabilities and actual code.
Instruction Scope
SKILL.md states the skill will '自动执行' (auto-run) when the user sends a message and references an agent API (fs.readFileWithinRoot) and 'inject into system context'. The registry flags show always:false (not force-enabled) and the code files are simple CLI-style scripts that read local files and print combined content. The conflict between 'auto-run on every message' in SKILL.md and the registry metadata plus the lack of an explicit runtime hook is a behavioral ambiguity. The code reads files from the current working directory and up to 3 parents, which is within scope for discovery but does mean repository contents (potentially sensitive project text) will be loaded into the agent/system context.
Install Mechanism
No install spec is provided (instruction-only skill) and the package contains two simple code files (Python and Node) with no remote downloads, no npm/go installs, and no extract-from-URL steps. That lowers install-time risk; the files are plain source and do not perform network calls.
Credentials
The skill declares no required environment variables, credentials, or config paths. The code does perform local filesystem reads limited to files named 'CLAUDE.md' (and a variant with a leading space) in the working directory and up to 3 parent directories; that access is proportional to the stated purpose but still may surface project content into the agent context.
Persistence & Privilege
The skill is not marked always:true and does not request elevated system privileges. However SKILL.md explicitly claims automatic execution on every user message; since model-invocation is enabled by default (disable-model-invocation:false), the agent could still autonomously call the skill if the platform's skill routing allows it. This discrepancy between documentation and metadata should be clarified.
What to consider before installing
What to check before installing:
- Confirm the trigger model: SKILL.md says it auto-runs on each user message, but the registry does not set always:true. Ask the author how and when the skill is invoked by the agent.
- Understand what will be injected: the code will read any CLAUDE.md files in the current directory and up to 3 parents and print their contents (combined and truncated). If your repo stores sensitive info in such files, that content could be added to the agent's system prompt/context.
- Ask about @include handling: the README promises @include parsing but neither Python nor Node files implement it — this is a functional mismatch you should resolve.
- Note there are no network calls or credential requests in the code, which lowers exfiltration risk, but the main risk is sensitive local content being loaded into the agent context. Consider testing in a sandboxed project or asking for code updates to explicitly implement and document include handling, invocation semantics, and any safety filters (e.g., skip files in .git or CI folders) before using in sensitive environments.Like a lobster shell, security has layers — review code before you run it.
latestvk97cd987k63tsg5jec938zr65x84b6g1
License
MIT-0
Free to use, modify, and redistribute. No attribution required.