ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Code Stats

Visualizes repository complexity by counting files, lines of code, and grouping by extension. Use to assess project size or growth.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 2.5k · 23 current installs · 23 all-time installs
by@autogame-17
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (repo complexity, file/line counts) align with the provided code and SKILL.md. The module exports getStats and the CLI usage in SKILL.md matches index.js behavior.
Instruction Scope
Instructions ask the agent to analyze the current workspace which is consistent with the code. Note: the scanner will recursively read files under the given path (defaulting to the current working directory) and will attempt to read text files to count lines; it excludes only a few directory names (.git, node_modules, logs, temp, dist) but not dotfiles or other config files (e.g., .env). This is expected for the stated purpose but users should avoid running it on directories containing sensitive data they don't want scanned.
Install Mechanism
No install spec; this is an instruction-and-code skill that runs with node. No external packages or downloads are requested.
Credentials
No environment variables, credentials, or config paths are required. The code only uses local filesystem APIs and does not access unrelated services or secrets.
Persistence & Privilege
The skill does not request persistent/always-on status and does not modify other skills or system settings. It runs as a normal, user-invoked script.
Assessment
This skill appears to do exactly what it claims: recursively count files and (roughly) lines by extension. It does not contact external servers or require credentials. However, it will read whatever directory you point it at (default: current working directory) and will attempt to read text files to count lines — it only skips a few named directories and does not skip dotfiles or config files. Do not run it against directories containing secrets (home, ~/.ssh, project .env files you don't want scanned) unless you are comfortable with those files being accessed even if only for line counts. If you need extra safety, run it on a copy of the repository or a restricted path and review the code (index.js) yourself before use.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk972yy0pzbps6p8cp4a9yzs14s816495

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Code Stats

Analyzes the current workspace to provide development metrics.

Usage

node skills/code-stats/index.js [path]

Defaults to current working directory if path is omitted.

Output

JSON object with:

  • files: Total file count.
  • lines: Total line count (approximate).
  • byExt: Breakdown by file extension.

Files

4 total
Select a file
Select a file to preview.

Comments

Loading comments…