ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cc Coder

使用 Claude Code CLI 自动编写代码。触发条件:用户要求写代码、创建项目、修复 bug、实现功能等编程任务。

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 257 · 2 current installs · 2 all-time installs
byRiven@wenlavril
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill's stated purpose is to use the Claude Code CLI to write code, but the package declares no required binaries, no install steps, and no required credentials. A legitimate Claude CLI integration should at least declare the 'claude' binary (or provide an install) and likely require API credentials; that omission is an incoherence.
!
Instruction Scope
SKILL.md explicitly instructs running: `claude -p --dangerously-skip-permissions "..."`. That flag directs the agent to bypass approvals/permission checks — this is scope-creep and a direct security red flag. The instructions also direct creating/modifying files, running servers, and committing Git; those actions are expected for a coder assistant but combined with permission-bypassing is risky.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — that minimizes disk write risk. However, the skill nevertheless requires an external CLI at runtime which is not declared or installed by the skill.
!
Credentials
The skill declares no required environment variables or credentials, yet it instructs use of an external CLI that typically requires setup or authentication. The absence of declared credentials is disproportionate and leaves unclear how the CLI will be authorized — a potential covert requirement or omission.
Persistence & Privilege
always is false and there is no install script modifying other skills or agent-wide settings. The skill does instruct writing TASKS.md and modifying project files (expected for a coding assistant), but it does not request persistent, elevated platform privileges.
What to consider before installing
Key concerns: (1) The skill tells the agent to run the Claude Code CLI but does not declare the 'claude' binary or any auth variables — ask the author how the CLI will be provided and authorized. (2) It explicitly uses the flag --dangerously-skip-permissions which bypasses approval/security checks — do not enable or run that behavior in environments with sensitive code or organization policies. (3) Because the skill will create/modify files and run servers, review and sandbox its actions before letting it operate on real repositories. Suggested actions before installing: require the skill to declare the 'claude' binary or supply an install path, remove or justify the use of the skip-permissions flag, and clarify any required credentials; test in an isolated environment and review task output and commits manually.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk976embsfszjbb3tha4vg1dej982dsve

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

CC Coder - Claude Code 代码助手

使用 Claude Code CLI 自动完成编程任务。

任务跟踪

每次任务必须使用 TASKS.md 跟踪进度:

[TIMESTAMP] 任务名称
状态: 进行中/已完成/等待中
进度: X/Y
- 步骤1 ✓/🔄/⏳
- 步骤2 ✓/🔄/⏳

结果: 成功/失败/待测试

符号说明:

  • ✓ 完成
  • 🔄 进行中
  • ⏳ 等待中

执行流程

步骤 1: 解析需求

  • 理解用户要实现的功能
  • 确定目标文件路径
  • 列出需要修改/创建的文件

步骤 2: 调用 Claude Code 写代码

使用以下命令格式:

claude -p --dangerously-skip-permissions "你的具体要求"

关键参数:

  • -p : 单次查询模式
  • --dangerously-skip-permissions : 跳过审批

步骤 3: 验证代码

  • 检查文件是否创建/修改
  • 运行语法检查
  • 如果是 web 项目,尝试启动服务器并测试

步骤 4: Review 结果

  • 对比实现与预期
  • 如果有问题,循环修复
  • 最终给出测试结论

输出要求

每次任务完成必须输出:

  1. 任务状态(成功/失败)
  2. 改动内容摘要
  3. 测试结论(可用/需手动验证/有问题)

示例

用户要求:"修复子弹发射 bug"

执行:

  1. 调用 CC CLI 修复代码
  2. 检查代码改动
  3. 验证语法
  4. 提交 Git
  5. 汇报结果

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…